Okta: Security Threat Detected

Anvilogic Forge

Summary
This detection rule monitors and reports security threats detected by Okta's ThreatInsight feature in the admin System Log. Once ThreatInsight is enabled, requests originating from IP addresses Okta knows to be malicious are flagged and recorded. The Splunk query in the rule retrieves Okta "Security Threat Detected" events, evaluates the result of the threat detection, and organizes the relevant fields into a structured table. Key fields include the timestamp, host details, user information, decision outcome (success or failure), and additional context about the threat such as source and destination IP addresses. This lets admins efficiently review potential threats and act on the recorded data. The rule also combines multiple built-in Okta alerts, streamlining the analysis of security incidents across the platform.
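The same filtering and tabulation logic, written as an added Python example rather than the rule's own Splunk query: it pulls the ThreatInsight event type out of constructed Okta System Log records, flattens the fields an admin reviews, and rolls them up per source IP. Field names follow the Okta System Log schema; the sample values, the `SAMPLE_LOG` constant and the reading of a SUCCESS result as "not blocked" are assumptions for this example.

```python
"""Toy equivalent of the rule described above: filter Okta System Log
'security.threat.detected' events and tabulate them for review.
Field names follow the Okta System Log schema (eventType, outcome.result,
client.ipAddress, actor.alternateId); all values below are constructed."""
import json
from collections import defaultdict

SAMPLE_LOG = json.dumps([
    {"published": "2024-02-09T10:00:01.000Z", "eventType": "security.threat.detected",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "203.0.113.7"},
     "outcome": {"result": "FAILURE", "reason": "Request from suspicious IP"}},
    {"published": "2024-02-09T10:00:05.000Z", "eventType": "user.session.start",
     "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "198.51.100.2"},
     "outcome": {"result": "SUCCESS"}},
    {"published": "2024-02-09T10:01:09.000Z", "eventType": "security.threat.detected",
     "actor": {"alternateId": "carol@example.com"},
     "client": {"ipAddress": "203.0.113.7"},
     "outcome": {"result": "SUCCESS", "reason": "Request from suspicious IP"}},
])

def threat_rows(raw_json):
    """Keep only ThreatInsight events and flatten the fields an admin reviews."""
    rows = []
    for ev in json.loads(raw_json):
        if ev.get("eventType") != "security.threat.detected":
            continue  # other event types (e.g. user.session.start) are ignored
        outcome = ev.get("outcome", {})
        rows.append({
            "time": ev["published"],
            "user": ev.get("actor", {}).get("alternateId", "unknown"),
            "src": ev.get("client", {}).get("ipAddress", "unknown"),
            "result": outcome.get("result", "UNKNOWN"),
            "reason": outcome.get("reason", ""),
        })
    return rows

def summarize_by_source(rows):
    """Per source IP: hit count, distinct users touched, and how many flagged
    requests still had result SUCCESS (assumed here to mean 'not blocked')."""
    summary = defaultdict(lambda: {"hits": 0, "users": set(), "allowed": 0})
    for r in rows:
        s = summary[r["src"]]
        s["hits"] += 1
        s["users"].add(r["user"])
        s["allowed"] += r["result"] == "SUCCESS"
    return {ip: {"hits": v["hits"], "users": sorted(v["users"]), "allowed": v["allowed"]}
            for ip, v in summary.items()}
```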
Categories
  • Application
  • Identity Management
Data Sources
  • Application Log
ATT&CK Techniques
  • T1078
Created: 2024-02-09