MDE not detecting regsecrets.py from impacket-toolkit

In a recent red-team engagement we got exposed to the regsecrets.py toolkit which made it possible to extract SAM hive without any detection from the MDE.

I have tried to use advanced hunting to see if there are any event that would make up for a good custom detection rule but no success yet, please share if you have any queries that works for you.

Some information regarding this script:

This script is a modification of secretsdump.py that uses a different technique to extract registry secrets (the logic regarding DCSync operations has been removed). It does not write files on the disk and does not perform reg save like operations. This allow recovering the SAM database and the LSA secrets while being less prone to detection by security product.
All required keys are accessed using registry queries. To access keys within the SAM and SECURITY hives, the dwOption of https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9 allows passing the REG_OPTION_BACKUP_RESTORE value to disable any ACL checks performed, thus, allowing to access these registry keys normally restricted to the SYSTEM user.

Thanks in advance for sharing some experience of detecting this.