refactor: lsass dump file, nano dump default

rules/windows/file_event/file_event_win_lsass_dump.yml

@@ -11,8 +11,9 @@ references:
     - https://medium.com/@markmotig/some-ways-to-dump-lsass-exe-c4a75fdc49bf
     - https://github.com/elastic/detection-rules/blob/main/rules/windows/credential_access_lsass_memdump_file_created.toml
     - https://www.whiteoaksecurity.com/blog/attacks-defenses-dumping-lsass-no-mimikatz/
+    - https://github.com/helpsystems/nanodump
 date: 2021/11/15
-modified: 2022/02/10
+modified: 2022/06/27
 tags:
     - attack.credential_access
     - attack.t1003.001
@@ -40,6 +41,9 @@ detection:
     selection4:
         TargetFilename|contains: 'SQLDmpr'
         TargetFilename|endswith: '.mdmp'
+    selection5:
+        TargetFilename|startswith: 'nanodump'
+        TargetFilename|endswith: '.dmp'
     condition: 1 of selection*
 falsepositives:
     - Unknown