Brand impersonation: Vanta

Sublime Rules

Summary
This detection rule identifies potential brand impersonation attacks involving Vanta. It uses sender analysis, examining the sender's display name and email properties. The rule triggers if the sender's display name or the local part of the email address contains 'vanta' or a close variant. Senders from highly trusted domains are excluded unless they fail DMARC authentication, and cases related to the 'advantage' brand are excluded as well. These exclusions minimize false positives from legitimate correspondence while still flagging potential phishing attempts. The rule targets credential phishing that relies on brand impersonation through social engineering and lookalike domains.
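The logic summarized above, sketched in Python as an added example; this is not the Sublime rule's source. Assumptions: "close variant" is modelled as a word within edit distance 1 of the brand, and the `Sender` fields, the `TRUSTED_DOMAINS` entry and all sample senders are constructed for illustration.

```python
from dataclasses import dataclass

BRAND = "vanta"
# Constructed stand-in for the "highly trusted domains" list (not the rule's list).
TRUSTED_DOMAINS = {"trusted.example"}

@dataclass
class Sender:  # hypothetical shape for the sender fields the summary mentions
    display_name: str
    local_part: str
    root_domain: str
    dmarc_pass: bool

def levenshtein(a, b):
    """Classic edit distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def mentions_brand(text):
    text = text.lower()
    if BRAND in text:
        return True
    # Assumption: a "close variant" is any word within edit distance 1.
    return any(levenshtein(word, BRAND) <= 1 for word in text.split())

def is_impersonation(s):
    # "advantage" contains the substring "vanta", so it is excluded first.
    if "advantage" in (s.display_name + " " + s.local_part).lower():
        return False
    if not (mentions_brand(s.display_name) or mentions_brand(s.local_part)):
        return False
    # Highly trusted domains are skipped only while DMARC passes.
    if s.root_domain.lower() in TRUSTED_DOMAINS and s.dmarc_pass:
        return False
    return True

# Constructed sample senders, not real traffic.
SAMPLES = [
    Sender("Vanta Security", "no-reply", "lookalike.example", True),
    Sender("Vanla Compliance", "alerts", "lookalike.example", True),
    Sender("Billing", "vanta-support", "mail.example", True),
    Sender("Advantage Rewards", "news", "shop.example", True),
    Sender("Vanta", "notify", "trusted.example", True),
    Sender("Vanta", "notify", "trusted.example", False),
]

def evaluate(samples=SAMPLES):
    return [is_impersonation(s) for s in samples]
```

Under the edit-distance assumption, ordinary words such as "santa" also match, so a production rule needs exclusions of the same kind as the 'advantage' one.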
Categories
  • Identity Management
  • Cloud
  • Web
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2023-04-03