This detection rule monitors the addition of new email domains to an Asana workspace. It triggers when a user adds a domain that is not already in use by the organization. The rule's main purpose is to ensure organizational security by validating any new domain before it is utilized within the workspace. Upon triggering, it reviews the logs for expected results which include confirming whether the new domain belongs to the organization. The rule distinguishes valid domain additions from unauthorized ones and is particularly focused on protecting against accidental or malicious inclusion of unrecognized domains. It operates under a low severity level, indicating the risk is comparatively minimal but should still be monitored to prevent potential misuse.