This rule runs a script in response to event 5723 from Net Logon. The script determines whether a domain controller trust account is involved, and, if so, it generates another event that will be converted into an alert.
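The decision this rule describes can be sketched as follows. This is an added example, not the management pack's own script. It assumes the failing account name has already been extracted from each 5723 record, and that a domain controller trust account is recognised by the SERVER_TRUST_ACCOUNT (0x2000) bit of userAccountControl. The records, host names and directory values are constructed.

```powershell
# Added example: triage of Net Logon event 5723 records.
# Every host, account and userAccountControl value below is constructed.

$SERVER_TRUST_ACCOUNT = 0x2000   # userAccountControl bit set on domain controller computer accounts

# Constructed stand-in for a directory lookup (sAMAccountName -> userAccountControl).
$Directory = @{
    'DC02$'  = 0x82000   # SERVER_TRUST_ACCOUNT + TRUSTED_FOR_DELEGATION
    'WKS17$' = 0x1000    # WORKSTATION_TRUST_ACCOUNT
}

function Get-TrustAccountKind {
    param([string]$Account, [hashtable]$Lookup)
    # 5723 reports a missing trust account, so the lookup itself can fail;
    # report that separately instead of treating it as "not a DC".
    if (-not $Lookup.ContainsKey($Account)) { return 'Unknown' }
    if ($Lookup[$Account] -band $SERVER_TRUST_ACCOUNT) { return 'DomainController' }
    return 'Other'
}

function Select-DcTrustFailure {
    param([object[]]$Records, [hashtable]$Lookup)
    foreach ($r in $Records) {
        if ($r.Id -ne 5723) { continue }          # only the event this rule watches
        $kind = Get-TrustAccountKind -Account $r.Account -Lookup $Lookup
        if ($kind -eq 'Other') { continue }       # workstation or member server: no alert
        [pscustomobject]@{
            LoggedOn = $r.Computer
            Client   = $r.Client
            Account  = $r.Account
            Kind     = $kind
            Alert    = ($kind -eq 'DomainController')
        }
    }
}

# Constructed sample records (fields are hypothetical, already parsed from the event).
$Sample = @(
    [pscustomobject]@{ Id = 5723; Computer = 'DC01'; Client = 'DC02';  Account = 'DC02$' }
    [pscustomobject]@{ Id = 5723; Computer = 'DC01'; Client = 'WKS17'; Account = 'WKS17$' }
    [pscustomobject]@{ Id = 5723; Computer = 'DC01'; Client = 'OLD04'; Account = 'OLD04$' }
    [pscustomobject]@{ Id = 5722; Computer = 'DC01'; Client = 'DC02';  Account = 'DC02$' }
)

Select-DcTrustFailure -Records $Sample -Lookup $Directory | Format-Table -AutoSize
```

Records with `Kind` of `Unknown` are returned with `Alert` set to false so they can be reviewed by hand; the account may exist on another domain controller and simply not have replicated yet.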
For more information, see:
Microsoft Help and Support for Microsoft Windows Server 2008 and above
Microsoft Knowledge Base