
Summary
This detection rule identifies failed login attempts to the AWS Management Console that may indicate a brute-force attack. It uses AWS CloudTrail logs to monitor 'ConsoleLogin' events whose response indicates failure, specifically those that occurred within the last two hours. By filtering on the event time and the event name, the rule captures attempts in which credentials may have been guessed or otherwise compromised. The rule classifies the technique as credential access via brute force, aligning with MITRE ATT&CK technique T1110. This detection helps organizations quickly identify potential unauthorized access attempts against their AWS accounts and respond appropriately. The references provided offer additional context and guidance on AWS console login events and related incidents.
Categories
- Cloud
- AWS
Data Sources
- Cloud Service
- Application Log
ATT&CK Techniques
- T1110
Created: 2024-02-09