Built off the open source project Osquery
Description: Looks to see if the lsass process is protected
What The Data Shows: It will show what machines do not have lsass protections in place. This can lead to reading or injecting lsass to read hashes. If the result is 1, it means LSA protections is enabled.
SQL:
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.