Atlassian admin impersonated another user

Panther Rules

Summary
This detection rule identifies instances where an Atlassian administrator has impersonated another user by logging in to their account. It relies on the audit logs generated by Atlassian, which capture user login events, and focuses on the `user_logged_in_as_user` action. The rule is rated high severity because admin privileges can be used maliciously, leading to unauthorized access to user data and privacy breaches. The detection logic checks for specific attributes in the logs that indicate a successful impersonation attempt by an admin. The rule is validated by defined test cases that confirm impersonation events are detected and that unrelated login actions do not produce false positives.
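The check described in the summary, sketched as an added example (this is not the Panther rule's own source). The only value taken from the page is the `user_logged_in_as_user` action; the event layout (`attributes.action`, `attributes.actor.email`, `attributes.context[].attributes.email`, `attributes.time`) and the sample events are assumptions constructed for illustration.

```python
# Added example: the event layout used here is an assumption, not from the page.
IMPERSONATION_ACTION = "user_logged_in_as_user"  # action named in the summary


def deep_get(obj, *keys, default=None):
    """Walk nested dicts; return default on any missing or non-dict level."""
    for key in keys:
        if not isinstance(obj, dict):
            return default
        obj = obj.get(key)
    return default if obj is None else obj


def is_impersonation(event):
    """True only for the impersonation action; malformed events never match."""
    return deep_get(event, "attributes", "action") == IMPERSONATION_ACTION


def build_alert(event):
    """Record who impersonated whom so the alert can be triaged."""
    context = deep_get(event, "attributes", "context", default=[])
    if not isinstance(context, list):
        context = []
    targets = [deep_get(c, "attributes", "email", default="<unknown-user>")
               for c in context]
    return {
        "severity": "High",
        "actor": deep_get(event, "attributes", "actor", "email",
                          default="<unknown-actor>"),
        "impersonated": targets or ["<unknown-user>"],
        "time": deep_get(event, "attributes", "time", default="<unknown-time>"),
    }


def detect(events):
    """Return one alert per impersonation event in the batch."""
    return [build_alert(e) for e in events if is_impersonation(e)]


# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    {"attributes": {"action": IMPERSONATION_ACTION,
                    "time": "2022-12-16T10:00:00Z",
                    "actor": {"email": "admin@example.com"},
                    "context": [{"attributes": {"email": "user@example.com"}}]}},
    {"attributes": {"action": "some_other_login_action",  # unrelated, must not alert
                    "actor": {"email": "user@example.com"}}},
    {"attributes": None},  # malformed record, must not raise or alert
]
```

Running `detect(SAMPLE_EVENTS)` yields a single high-severity alert for the first event; the unrelated action and the malformed record are ignored.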
Categories
  • Cloud
  • Web
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
  • Cloud Service
Created: 2022-12-16