Update lateral_movement_credential_access_kerberos_correlation.toml

Author: Samirbous

rules/windows/lateral_movement_credential_access_kerberos_correlation.toml

@@ -57,7 +57,10 @@ Domain-joined hosts usually perform Kerberos traffic using the `lsass.exe` proce
 - Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.
 - Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).
 """
-references = ["https://github.com/its-a-feature/bifrost"]
+references = [
+"https://github.com/its-a-feature/bifrost", 
+"https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4768"
+]
 risk_score = 73
 rule_id = "c6b40f4c-c6a9-434e-adb8-989b0d06d005"
 severity = "high"