
Unusual Source IP for Okta Privileged Operations Detected

Elastic Detection Rules

Summary
This detection rule uses a machine-learning anomaly-detection job to monitor Okta for unusual access, specifically privileged operations performed from source IP addresses not previously associated with the acting user. An event whose anomaly score reaches the threshold of 75 indicates that a user is executing a high-risk action from a network location outside their established baseline. Such an alert may point to account compromise, misuse of administrative privileges, or an attacker attempting to escalate privileges from a new network location. The rule depends on the Privileged Access Detection (PAD) integration assets being installed and on Okta logs being collected. It carries a 'low' severity level, but it warrants prompt triage because the operations involved are privileged.
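The following is an added illustration of the detection logic in plain Python, not Elastic's code and not the PAD anomaly-detection job itself: it builds a per-user baseline of source IPs that performed privileged Okta operations, assigns each new privileged event a 0-100 rarity score, and alerts at the page's threshold of 75. The set of privileged Okta eventType values, the Laplace-style scoring formula, and the sample events are all assumptions constructed for the example; the real job derives its score from a machine-learning model.

```python
"""Toy stand-in for the 'unusual source IP for privileged Okta operations'
detection: per-user baseline of source IPs seen performing privileged
operations, a 0-100 rarity score, and a 75 alert threshold.
Illustration only; NOT Elastic's PAD anomaly-detection job, whose score
comes from an ML model rather than the formula below."""
from collections import Counter, defaultdict

ANOMALY_THRESHOLD = 75  # the threshold quoted in the rule summary

# Assumed set of Okta System Log eventType values treated as privileged.
# The PAD job's own feature definition may differ; this list is an assumption.
PRIVILEGED_EVENT_TYPES = {
    "user.account.privilege.grant",
    "system.api_token.create",
    "policy.rule.update",
    "application.lifecycle.update",
    "group.user_membership.add",
}


def is_privileged(event):
    """True for a successful privileged operation (failed attempts are not scored here)."""
    return (event["eventType"] in PRIVILEGED_EVENT_TYPES
            and event.get("outcome", {}).get("result") == "SUCCESS")


def build_baseline(events):
    """Per-user Counter of source IPs that performed privileged operations."""
    baseline = defaultdict(Counter)
    for e in events:
        if is_privileged(e):
            baseline[e["actor"]["alternateId"]][e["client"]["ipAddress"]] += 1
    return baseline


def score_event(baseline, event):
    """Return a 0-100 rarity score for a privileged event, or None if the rule does not apply."""
    if not is_privileged(event):
        return None
    user = event["actor"]["alternateId"]
    ip = event["client"]["ipAddress"]
    seen = baseline.get(user, Counter())
    total = sum(seen.values())
    # Laplace-style rarity: a never-seen IP scores higher the larger the user's
    # established history, so a user with a thin baseline does not alert.
    return 100.0 * (1.0 - (seen[ip] + 1) / (total + 1))


def evaluate(baseline, events, threshold=ANOMALY_THRESHOLD):
    """Return (user, ip, eventType, score) for every event at or above the threshold."""
    alerts = []
    for e in events:
        s = score_event(baseline, e)
        if s is not None and s >= threshold:
            alerts.append((e["actor"]["alternateId"], e["client"]["ipAddress"],
                           e["eventType"], round(s, 1)))
    return alerts


def mk(user, ip, event_type, result="SUCCESS"):
    """Build a minimal constructed Okta System Log event (not real data)."""
    return {"actor": {"alternateId": user}, "client": {"ipAddress": ip},
            "eventType": event_type, "outcome": {"result": result}}


# Constructed history: alice administers from two office IPs; bob has almost no history.
HISTORY = (
    [mk("alice@example.com", "203.0.113.10", "policy.rule.update")] * 12
    + [mk("alice@example.com", "203.0.113.11", "user.account.privilege.grant")] * 8
    + [mk("alice@example.com", "198.51.100.7", "user.session.start")] * 30  # not privileged
    + [mk("bob@example.com", "203.0.113.10", "group.user_membership.add")] * 2
)

# Constructed new events to evaluate against that baseline.
NEW_EVENTS = [
    mk("alice@example.com", "203.0.113.10", "policy.rule.update"),       # known IP -> low score
    mk("alice@example.com", "198.51.100.7", "user.session.start"),       # not privileged -> ignored
    mk("alice@example.com", "192.0.2.55", "system.api_token.create"),    # never-seen IP -> alert
    mk("alice@example.com", "192.0.2.55", "system.api_token.create", "FAILURE"),  # failed -> ignored
    mk("bob@example.com", "192.0.2.99", "user.account.privilege.grant"),  # thin baseline -> below 75
]


def run_demo():
    """Score NEW_EVENTS against the baseline built from HISTORY."""
    return evaluate(build_baseline(HISTORY), NEW_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print("ALERT", alert)
```

Only alice's API-token creation from 192.0.2.55 crosses the threshold; bob's new IP scores below 75 because two historical events are too little baseline to call anything unusual, which is the same reason a real deployment should let the ML job learn before trusting its alerts and should corroborate a hit with the session's geolocation, device and MFA context before treating it as compromise.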
Categories
  • Cloud
  • Identity Management
  • Web
Data Sources
  • User Account
  • Cloud Service
ATT&CK Techniques
  • T1078
Created: 2025-02-18