
Summary
This detection rule from Okta identifies multiple failed login attempts involving unknown user accounts, which can indicate unauthorized access attempts such as brute-force attacks. When the rule triggers, it reports the count and timing of the login failures together with the users involved and their respective login attempts, based on the `okta` event type. It takes advantage of Okta's ThreatInsight capabilities to summarize incidents involving high unknown-user counts. This rule has been deprecated in favor of the more comprehensive coverage provided by `Okta ThreatInsight Threat Detected`, which consolidates similar findings under a new analytics framework. Users who require similar monitoring should transition to the recommended rule for enhanced effectiveness and continued support.
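The detection logic described above, as an added example that is not the rule's own query: a sliding-window count of unknown-user login failures per source IP over a constructed batch of Okta System Log style events. The field names (`eventType`, `outcome.result`, `outcome.reason`, `client.ipAddress`, `actor.alternateId`), the `UNKNOWN_USER` reason value, the threshold and the choice to group by source IP are assumptions for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _ev(ts, ip, user, reason="UNKNOWN_USER", result="FAILURE"):
    """Build one constructed Okta-style login event (assumed field layout)."""
    return {"published": ts, "eventType": "user.session.start",
            "outcome": {"result": result, "reason": reason},
            "client": {"ipAddress": ip}, "actor": {"alternateId": user}}


# Constructed sample: one source hammers guessed usernames, one user typos once.
SAMPLE_EVENTS = [
    _ev("2024-11-14T10:00:05Z", "203.0.113.10", "admin@example.test"),
    _ev("2024-11-14T10:00:40Z", "203.0.113.10", "root@example.test"),
    _ev("2024-11-14T10:01:10Z", "203.0.113.10", "jsmith@example.test"),
    _ev("2024-11-14T10:01:30Z", "203.0.113.10", "alice@example.test",
        reason="INVALID_CREDENTIALS"),      # known user, wrong password: not counted
    _ev("2024-11-14T10:01:55Z", "203.0.113.10", "billing@example.test"),
    _ev("2024-11-14T10:02:20Z", "203.0.113.10", "helpdesk@example.test"),
    _ev("2024-11-14T10:03:00Z", "203.0.113.10", "svc-backup@example.test"),
    _ev("2024-11-14T10:02:00Z", "198.51.100.5", "bob@example.test"),  # single failure
    _ev("2024-11-14T10:04:00Z", "203.0.113.10", "alice@example.test",
        reason="", result="SUCCESS"),       # successful login: not counted
]


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_unknown_user_failure(ev):
    """True for a failed session start whose reason is an unknown account."""
    outcome = ev.get("outcome", {})
    return (ev.get("eventType") == "user.session.start"
            and outcome.get("result") == "FAILURE"
            and outcome.get("reason") == "UNKNOWN_USER")


def detect_unknown_user_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP whose unknown-user login failures reach
    `threshold` inside any sliding interval of length `window`."""
    recent = defaultdict(deque)   # ip -> (timestamp, username) pairs inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["published"]):
        if not is_unknown_user_failure(ev):
            continue
        ts, ip = _parse_ts(ev["published"]), ev["client"]["ipAddress"]
        q = recent[ip]
        q.append((ts, ev["actor"]["alternateId"]))
        while ts - q[0][0] > window:          # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:               # summarise count, timing and users
            alerts[ip] = {"source_ip": ip, "count": len(q),
                          "first_seen": q[0][0].isoformat(), "last_seen": ts.isoformat(),
                          "users": sorted({u for _, u in q})}
    return list(alerts.values())
```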
Categories
- Identity Management
- Cloud
- Infrastructure
Data Sources
- User Account
- Application Log
ATT&CK Techniques
- T1078
- T1078.001
- T1110.004
Created: 2024-11-14