Newly Observed High Severity Detection Alert

Elastic Detection Rules

Summary
This rule detects newly observed high-severity detection alerts within Elastic SIEM, that is, alerts from detection rules that have not produced an alert in the past five days. The focus is on low-volume alerts tied to specific detection rules, so that security analysts can prioritize their investigation and response. The rule operates on data collected over a window of time and identifies alerts with a risk score of 73 or higher, excluding those from certain detection types such as threat matches, machine learning, and deprecated rules. The ESQL query aggregates the first and last seen timestamps of alerts per rule and filters down to rules whose alerts have not previously occurred within the established time frame. Enhanced analysis guides are provided to help analysts determine the context and legitimacy of these alerts.
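To make the first-seen/last-seen logic concrete, here is an added Python re-implementation of the filtering and aggregation the summary describes; it is not the rule's own ESQL query. It uses Elastic alert-index field names for realism, a constructed set of alert records, a one-hour "recent" interval and a "Deprecated - " name prefix for deprecated rules, all of which are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Filter parameters as the page describes them.
MIN_RISK_SCORE = 73
LOOKBACK = timedelta(days=5)
EXCLUDED_RULE_TYPES = {"threat_match", "machine_learning"}
DEPRECATED_PREFIX = "Deprecated - "  # assumption: how deprecated rules are named

def qualifies(alert):
    """High-severity alert not produced by an excluded or deprecated rule."""
    return (alert["kibana.alert.risk_score"] >= MIN_RISK_SCORE
            and alert["kibana.alert.rule.type"] not in EXCLUDED_RULE_TYPES
            and not alert["kibana.alert.rule.name"].startswith(DEPRECATED_PREFIX))

def newly_observed(alerts, now, recent=timedelta(hours=1)):
    """Per-rule first/last seen over the lookback window; keep rules whose
    first qualifying alert is inside the recent interval, i.e. rules that had
    no qualifying alert earlier in the window."""
    stats = {}  # rule name -> [first_seen, last_seen, count]
    for a in alerts:
        ts = a["@timestamp"]
        if not (now - LOOKBACK <= ts <= now) or not qualifies(a):
            continue
        s = stats.setdefault(a["kibana.alert.rule.name"], [ts, ts, 0])
        s[0], s[1], s[2] = min(s[0], ts), max(s[1], ts), s[2] + 1
    return {name: {"first_seen": f, "last_seen": l, "count": c}
            for name, (f, l, c) in stats.items() if f >= now - recent}

NOW = datetime(2026, 1, 7, 12, 0, tzinfo=timezone.utc)

def _alert(name, minutes_ago, score=80, rule_type="query"):
    """Build one constructed alert record (not real SIEM data)."""
    return {"@timestamp": NOW - timedelta(minutes=minutes_ago),
            "kibana.alert.rule.name": name, "kibana.alert.rule.type": rule_type,
            "kibana.alert.risk_score": score}

# Constructed sample alerts covering each branch of the filter.
SAMPLE_ALERTS = [
    _alert("Process Injection", 4 * 24 * 60),        # seen 4 days ago: not new
    _alert("Process Injection", 30),
    _alert("Unusual Service Account Login", 20, 90),  # only in last hour: new
    _alert("Unusual Service Account Login", 5, 90),
    _alert("Indicator Hash Match", 10, 99, "threat_match"),  # excluded type
    _alert("Deprecated - Legacy Rule", 15, 85),              # deprecated name
    _alert("Low Severity Noise", 5, 47),                     # below threshold
    _alert("Rare Kernel Module", 6 * 24 * 60),  # older than the lookback window
    _alert("Rare Kernel Module", 10),           # so the only in-window copy is new
]
```

Running `newly_observed(SAMPLE_ALERTS, NOW)` returns only the two rules whose earliest in-window alert falls inside the recent interval; the rule seen four days ago is suppressed even though it fired again just now.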
Categories
  • Endpoint
  • Cloud
  • Kubernetes
  • Containers
  • Infrastructure
Data Sources
  • Pod
  • Container
  • User Account
  • Network Traffic
  • Application Log
Created: 2026-01-07