
Auth0: OTP Rate Limit Exceeded

Anvilogic Forge

Summary
This detection rule flags excessive one-time password (OTP) requests in order to surface multi-factor authentication (MFA) fatigue attacks and brute-force OTP attempts. Because threat actors routinely try to wear down or bypass MFA, the rule identifies scenarios where a single user sends more than ten OTP requests to their device within a single hour. A spike of that size is unlikely during normal use and may indicate an attempt to exploit weaknesses in the authentication flow. Using authentication data from Auth0 logs, the rule keys on the specific event types that indicate a rate-limit breach and uses Splunk to extract and analyze the relevant fields. The output includes the timestamp, host information, user identity, geographical location, source IP, and the specific OTP request signature, which supports rapid incident response and ongoing monitoring of suspicious authentication activity.
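The following is an added example, not the Anvilogic Forge rule itself nor Auth0's or Splunk's code, showing the detection logic from the summary applied offline to constructed Auth0-style log lines: events are grouped per user, and a sliding one-hour window flags any user with more than ten OTP rate-limit events. Python is used here instead of Splunk SPL so the replay can run stand-alone. The event type code in `OTP_RATE_LIMIT_TYPES`, the JSON field names (`date`, `type`, `user_name`, `ip`, `hostname`, `location_info`), and every user, IP and timestamp in the sample data are assumptions constructed for the example; substitute the event type(s) and field names the production rule actually matches on.

```python
"""Sliding-window detection for excessive Auth0 OTP rate-limit events.

Added example (not the original rule): replays constructed Auth0-style JSON
log lines and flags any user that triggers more than OTP_THRESHOLD
rate-limit events inside any one-hour window.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: the Auth0 event type code(s) emitted when the OTP rate limit is hit.
# Replace with the code(s) the production rule keys on.
OTP_RATE_LIMIT_TYPES = {"gd_otp_rate_limit_exceed"}
OTP_THRESHOLD = 10            # rule fires on MORE than ten requests ...
WINDOW = timedelta(hours=1)   # ... inside a single one-hour window


def parse_event(line):
    """Parse one JSON log line; return (timestamp, record) or None if the
    record is not an OTP rate-limit event."""
    rec = json.loads(line)
    if rec.get("type") not in OTP_RATE_LIMIT_TYPES:
        return None
    # Auth0-style "2025-02-28T09:00:00.000Z" -> aware UTC datetime
    ts = datetime.fromisoformat(rec["date"].replace("Z", "+00:00"))
    return ts, rec


def find_otp_abuse(lines, threshold=OTP_THRESHOLD, window=WINDOW):
    """Return one finding per user whose OTP rate-limit events exceed
    `threshold` within any sliding window of length `window`.  Each finding
    carries the fields the rule reports: user, window bounds, source IPs,
    host, location and the event signature."""
    per_user = defaultdict(list)
    for line in lines:
        parsed = parse_event(line)
        if parsed:
            per_user[parsed[1].get("user_name", "<unknown>")].append(parsed)

    findings = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e[0])
        start, best = 0, None
        for end in range(len(events)):
            # Slide the left edge forward until the window spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count > threshold and (best is None or count > best["count"]):
                first_ts, _ = events[start]
                last_ts, last_rec = events[end]
                best = {
                    "user": user,
                    "count": count,
                    "window_start": first_ts.isoformat(),
                    "window_end": last_ts.isoformat(),
                    "src_ips": sorted({r.get("ip") for _, r in events[start:end + 1]}),
                    "host": last_rec.get("hostname"),
                    "location": (last_rec.get("location_info") or {}).get("country_name"),
                    "signature": last_rec.get("type"),
                }
        if best:
            findings.append(best)
    return findings


def _make_lines(user, start, n, spacing, ip, event_type="gd_otp_rate_limit_exceed"):
    """Build `n` constructed log lines for `user`, `spacing` apart, starting at `start`."""
    lines = []
    for i in range(n):
        ts = start + i * spacing
        lines.append(json.dumps({
            "date": ts.isoformat(timespec="milliseconds").replace("+00:00", "Z"),
            "type": event_type,
            "user_name": user,
            "ip": ip,
            "hostname": "tenant.example.auth0.com",      # constructed
            "location_info": {"country_name": "Testland"},  # constructed
        }))
    return lines


# Constructed sample: alice is hammered with 12 OTP rate-limit events in 22
# minutes (fires); bob has exactly 10 in an hour (does not exceed ten);
# carol has 11 spread over 200 minutes (never more than 4 in any hour).
T0 = datetime(2025, 2, 28, 9, 0, tzinfo=timezone.utc)
SAMPLE_LOG_LINES = (
    _make_lines("alice", T0, 12, timedelta(minutes=2), "203.0.113.7")
    + _make_lines("alice", T0, 1, timedelta(0), "203.0.113.7", event_type="s")  # login, ignored
    + _make_lines("bob", T0, 10, timedelta(minutes=6), "198.51.100.4")
    + _make_lines("carol", T0, 11, timedelta(minutes=20), "198.51.100.9")
)

if __name__ == "__main__":
    for f in find_otp_abuse(SAMPLE_LOG_LINES):
        print(json.dumps(f))
```

The two-pointer scan keeps the check linear per user and reports the densest window rather than the first one that crosses the threshold, so the finding shows the full burst an analyst would want to triage; lowering `threshold` (or widening `window`) is how you would tune the same logic against your own baseline.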
Categories
  • Identity Management
  • Cloud
  • Web
  • Endpoint
  • Infrastructure
Data Sources
  • User Account
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1621
  • T1110
Created: 2025-02-28