Cisco BGP Authentication Failures

Sigma Rules

Summary
This detection rule identifies authentication failures on Cisco Border Gateway Protocol (BGP) sessions. Such failures often indicate brute-force attempts against the authentication that protects the routing protocol. The rule inspects Cisco BGP logs for entries that contain both the TCP port used by BGP (port 179) and the error message for bad authentication credentials (IP-TCP-3-BADAUTH). When multiple such entries are observed, the rule raises an alert for further investigation, since repeated failures may indicate an ongoing attack on the routing infrastructure. The detection relies on Cisco BGP configurations that log authentication events, and those logs must be ingested for the rule to be effective.
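The following Python snippet is an added example, not part of the Sigma rule or the page above. It applies the two conditions the summary describes (the BGP port 179 and the IP-TCP-3-BADAUTH message) to constructed sample syslog lines, counts matches per remote peer and reports peers that reach a "multiple occurrences" threshold. The sample lines, the message format after the mnemonic, the threshold value and the `keyword_match` / `peer_port_match` / `alerting_peers` helper names are all assumptions made for this example; the second matcher goes slightly beyond the rule by parsing the remote port instead of treating `179` as a bare substring.

```python
import re
from collections import Counter

# Constructed sample syslog lines (assumption: not taken from the page or from a
# real device). The message body after the mnemonic follows the shape
# "Invalid MD5 digest from <ip>(<port>) to <ip>(<port>)".
SAMPLE_LOGS = [
    "Jan  9 10:00:01 edge-rtr1 101: %IP-TCP-3-BADAUTH: Invalid MD5 digest from 192.0.2.10(179) to 192.0.2.1(40012)",
    "Jan  9 10:00:02 edge-rtr1 102: %IP-TCP-3-BADAUTH: Invalid MD5 digest from 192.0.2.10(179) to 192.0.2.1(40013)",
    "Jan  9 10:00:03 edge-rtr1 103: %IP-TCP-3-BADAUTH: Invalid MD5 digest from 192.0.2.10(179) to 192.0.2.1(40014)",
    "Jan  9 10:00:04 edge-rtr1 104: %BGP-5-ADJCHANGE: neighbor 192.0.2.20 Up",
    # Bad auth on a non-BGP port; the sequence id 1179 happens to contain '179'.
    "Jan  9 10:00:05 edge-rtr1 1179: %IP-TCP-3-BADAUTH: Invalid MD5 digest from 198.51.100.7(22) to 192.0.2.1(40015)",
    # A single BGP failure from another peer, below the 'multiple occurrences' bar.
    "Jan  9 10:00:06 edge-rtr1 1180: %IP-TCP-3-BADAUTH: Invalid MD5 digest from 203.0.113.5(179) to 192.0.2.1(40016)",
]

BGP_PORT = "179"
BADAUTH_MNEMONIC = "IP-TCP-3-BADAUTH"
DEFAULT_THRESHOLD = 2  # assumption: the page says "multiple occurrences" but gives no number

# Remote endpoint in the message body: "from <ip>(<port>)".
PEER_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})\((\d+)\)")


def keyword_match(line):
    """Keyword semantics as the summary describes them: both strings must
    appear somewhere in the line. Cheap, but '179' is matched as a bare substring."""
    return BGP_PORT in line and BADAUTH_MNEMONIC in line


def peer_port_match(line):
    """Tighter variant (assumption, not the rule's own logic): the mnemonic must
    be present and the remote port parsed from 'from <ip>(<port>)' must be 179."""
    if BADAUTH_MNEMONIC not in line:
        return False
    m = PEER_RE.search(line)
    return m is not None and m.group(2) == BGP_PORT


def peer_of(line):
    """Source address of the failing segment, or 'unknown' if it cannot be parsed."""
    m = PEER_RE.search(line)
    return m.group(1) if m else "unknown"


def count_matches(lines, matcher=keyword_match):
    """Count matching lines per remote peer."""
    counts = Counter()
    for line in lines:
        if matcher(line):
            counts[peer_of(line)] += 1
    return counts


def alerting_peers(lines, matcher=keyword_match, threshold=DEFAULT_THRESHOLD):
    """Peers whose match count reaches the threshold, i.e. the rule's
    'multiple occurrences' condition, returned as {peer: count}."""
    return {peer: n for peer, n in count_matches(lines, matcher).items() if n >= threshold}


if __name__ == "__main__":
    for name, matcher in (("keyword", keyword_match), ("peer-port", peer_port_match)):
        print(name, dict(count_matches(SAMPLE_LOGS, matcher)),
              "->", alerting_peers(SAMPLE_LOGS, matcher))
```

On the sample input both matchers alert on 192.0.2.10 (three failures), but only the substring matcher also counts the port-22 line whose sequence id contains `179`. That is the kind of noise to expect from a plain keyword rule; when the log pipeline parses the Cisco message into fields, matching on the extracted remote port keeps the rule's intent while removing such false positives.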
Categories
  • Network
  • Cloud
  • Infrastructure
Data Sources
  • Network Traffic
  • Application Log
  • Process
Created: 2023-01-09