Hello everyone, I have a problem with event 4656 that I have never encountered before. Please explain it to me. I don't know the value "Access Mask: 0x1478" or why lsass accesses lsass. Is it a false positive?
Event details:
%NICWIN-4-Security_4656_Microsoft-Windows-Security-Auditing: Security,rn=5487362336 cid=852 eid=844,Mon Nov 27 09:09:32 2023,4656,Microsoft-Windows-Security-Auditing,,Audit Success,srv-ex16.local,Kernel Object,,A handle to an object was requested. Subject: Security ID: S-1-5-18 Account Name: SRV-EX16$ Account Domain: test Logon ID: 0x3E7 Object: Object Server: Security Object Type: Process Object Name: \Device\HarddiskVolume2\Windows\System32\lsass.exe Handle ID: 0x66d04 Resource Attributes: - Process Information: Process ID: 0x34c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: Perform virtual memory operation Read from process memory Write to process memory Duplicate handle into or out of process Query process information Undefined Access (no effect) Bit 12 Access Reasons: - Access Mask: 0x1478 Privileges Used for Access Check: - Restricted SID Count: 0
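Added example, not part of the original post: a Python sketch that decodes the `Access Mask` from the event into the process access-right names defined in the Windows SDK and extracts the fields an analyst would compare first. Bit 12 (0x1000), which the event text renders as "Undefined Access (no effect) Bit 12", is `PROCESS_QUERY_LIMITED_INFORMATION`. The function names and the trimmed sample string are assumptions made for this example.

```python
import re

# Process-specific access rights from the Windows SDK (winnt.h).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x2000: "PROCESS_SET_LIMITED_INFORMATION",
}

# Trimmed copy of the event text from the post (same field order, fewer fields).
SAMPLE = (r"Subject: Security ID: S-1-5-18 Account Name: SRV-EX16$ "
          r"Object Type: Process Object Name: \Device\HarddiskVolume2\Windows\System32\lsass.exe "
          r"Process Name: C:\Windows\System32\lsass.exe Access Mask: 0x1478 Privileges Used")

def decode_mask(mask):
    """Return names for the bits set in the low 16 (object-specific) bits."""
    return [PROCESS_RIGHTS.get(1 << b, f"UNKNOWN_BIT_{b}")
            for b in range(16) if mask & (1 << b)]

def triage(event_text):
    """Extract requester, target and decoded rights from a flattened 4656 message."""
    def field(label, stop):
        m = re.search(rf"{label}:\s+(.*?)\s+{stop}", event_text)
        return m.group(1) if m else None
    mask = int(field("Access Mask", "Privileges"), 16)
    requester = field("Process Name", "Access")
    target = field("Object Name", r"(?:Handle ID|Process Name)")
    # Compare image file names only: the target is a device path, the requester a DOS path.
    base = lambda p: p.rsplit("\\", 1)[-1].lower()
    return {
        "sid": field("Security ID", "Account Name"),
        "rights": decode_mask(mask),
        "self_access": base(requester) == base(target),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

`self_access` compares image file names only, so it narrows the question of who requested the handle but does not by itself prove the requester and the target are the same process instance.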
Posted: 11 months ago