
Summary
The detection rule 'Detect new user AWS Console Login' monitors AWS console logins by users who have not been seen before within a specified timeframe (the last hour). It analyzes AWS CloudTrail logs for ConsoleLogin events and renames the relevant user identity fields to make them easier to work with. The rule uses a lookup file containing the ARNs of previously logged-in users and compares each new login against that list of known users. If a user logs in for the first time within the last hour, the rule raises an alert. Notably, this rule has been deprecated and replaced by a version that uses the Authentication datamodel, reflecting a shift toward a more standardized way of monitoring user authentication across the AWS environment. Implementing the rule requires installing and configuring the AWS App for Splunk and its associated add-ons, together with baseline management for the user activity data.
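The following Python is an added example, not the rule's own SPL and not code from Splunk, that models the logic the summary describes: parse CloudTrail records, keep only ConsoleLogin events, flatten the userIdentity fields under renamed keys, and alert on any login in the last hour whose ARN is missing from a baseline of previously seen users. The sample CloudTrail lines and the baseline ARN set are constructed for the example; the choices to count only logins with `responseElements.ConsoleLogin == "Success"`, the renamed field names (`user_arn`, `user_name`, and so on), and the separate `refresh_baseline` step standing in for the rule's baseline management are all assumptions, not details taken from the page.

```python
"""Added example: first-seen AWS console login detection over CloudTrail records.

This is illustrative code, not the Splunk rule itself. It assumes newline-delimited
CloudTrail JSON as input and a set of ARNs as the baseline lookup.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample CloudTrail records (not real data). Account ID, ARNs and
# IP addresses are placeholders from documentation/example ranges.
SAMPLE_CLOUDTRAIL = """\
{"eventName": "ConsoleLogin", "eventTime": "2024-11-14T10:05:00Z", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice", "accountId": "123456789012"}, "sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Success"}}
{"eventName": "ConsoleLogin", "eventTime": "2024-11-14T10:20:00Z", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/mallory-new", "userName": "mallory-new", "accountId": "123456789012"}, "sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Success"}}
{"eventName": "ConsoleLogin", "eventTime": "2024-11-14T10:25:00Z", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob", "accountId": "123456789012"}, "sourceIPAddress": "198.51.100.8", "responseElements": {"ConsoleLogin": "Failure"}}
{"eventName": "ConsoleLogin", "eventTime": "2024-11-14T07:00:00Z", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/Admin/carol", "accountId": "123456789012"}, "sourceIPAddress": "192.0.2.5", "responseElements": {"ConsoleLogin": "Success"}}
{"eventName": "GetCallerIdentity", "eventTime": "2024-11-14T10:30:00Z", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/dave", "userName": "dave", "accountId": "123456789012"}, "sourceIPAddress": "192.0.2.9"}
"""

# Constructed baseline: ARNs that have logged in before (stands in for the rule's
# lookup file of previously seen users).
BASELINE_ARNS = {"arn:aws:iam::123456789012:user/alice"}

# Fixed "now" for the example so the one-hour window is deterministic.
EXAMPLE_NOW = datetime(2024, 11, 14, 10, 30, tzinfo=timezone.utc)


def parse_console_logins(raw):
    """Yield flattened ConsoleLogin records with the userIdentity fields renamed
    (assumed names: user_arn, user_name, user_type, account_id)."""
    for line in raw.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("eventName") != "ConsoleLogin":
            continue  # the rule only looks at console login events
        ident = event.get("userIdentity", {})
        arn = ident.get("arn", "")
        yield {
            "time": datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user_arn": arn,
            # Assumed-role identities carry no userName; fall back to the session name in the ARN.
            "user_name": ident.get("userName") or arn.rsplit("/", 1)[-1],
            "user_type": ident.get("type"),
            "account_id": ident.get("accountId"),
            "src_ip": event.get("sourceIPAddress"),
            "outcome": event.get("responseElements", {}).get("ConsoleLogin"),
        }


def detect_new_user_logins(records, baseline, now, lookback=timedelta(hours=1)):
    """Return one alert per successful login inside the lookback window whose ARN
    is not in the baseline. Failed logins, events outside the window, and known
    ARNs are ignored. Does not modify the baseline."""
    window_start = now - lookback
    alerts = []
    for rec in records:
        if rec["outcome"] != "Success":  # assumption: only successful logins count
            continue
        if not rec["user_arn"] or not (window_start <= rec["time"] <= now):
            continue
        if rec["user_arn"] in baseline:
            continue
        alerts.append({
            "user_arn": rec["user_arn"],
            "user_name": rec["user_name"],
            "user_type": rec["user_type"],
            "src_ip": rec["src_ip"],
            "first_seen": rec["time"].isoformat(),
        })
    return alerts


def refresh_baseline(records, baseline):
    """Baseline management step (assumed to run separately from detection):
    add every successfully logged-in ARN so the next run does not re-alert."""
    for rec in records:
        if rec["outcome"] == "Success" and rec["user_arn"]:
            baseline.add(rec["user_arn"])
    return baseline


def run_example():
    """Run detection over the constructed sample with the fixed example clock."""
    records = list(parse_console_logins(SAMPLE_CLOUDTRAIL))
    baseline = set(BASELINE_ARNS)
    alerts = detect_new_user_logins(records, baseline, EXAMPLE_NOW)
    refresh_baseline(records, baseline)
    return alerts, baseline


if __name__ == "__main__":
    found, updated = run_example()
    for alert in found:
        print("NEW CONSOLE LOGIN:", alert)
    print("baseline now holds", len(updated), "ARNs")
```

Running this flags only `mallory-new`: alice is already in the baseline, bob's login failed, carol's assumed-role login happened more than an hour before the example clock (so the rule, which only looks at the last hour, would not see it until the baseline is refreshed), and dave's event is not a ConsoleLogin at all. The split between `detect_new_user_logins` and `refresh_baseline` mirrors the summary's point that the rule depends on baseline management: if the baseline is never refreshed, every recurring user looks new each hour; if it is refreshed before detection runs, first-time logins are silently absorbed.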
Categories
- Cloud
- AWS
Data Sources
ATT&CK Techniques
- T1078.004
Created: 2024-11-14