diff --git a/rules/windows/builtin/win_lm_namedpipe.yml b/rules/windows/builtin/win_lm_namedpipe.yml
index fb29d1d8e..573eada64 100644
--- a/rules/windows/builtin/win_lm_namedpipe.yml
+++ b/rules/windows/builtin/win_lm_namedpipe.yml
@@ -20,6 +20,7 @@ detection:
       - 'atsvc'
       - 'samr'
       - 'lsarpc'
+      - 'lsass'
       - 'winreg'
       - 'netlogon'
       - 'srvsvc'