Auth0: Successful Voice Call for MFA

Anvilogic Forge

Summary
This detection rule identifies successful voice call requests used for multi-factor authentication (MFA) in Auth0. Threat actors may abuse MFA by triggering unauthorized verification calls, potentially circumventing security measures. The rule monitors events related to MFA voice calls and flags successful requests; a flagged event may reflect either legitimate user authentication or a malicious attempt to manipulate the MFA process. The logic uses Splunk to filter for the specific event types associated with MFA voice calls and groups the results by user and time to facilitate analysis. The output includes contextual information such as the host, user, and geographical details, which helps identify suspicious patterns or anomalies in authentication activity.
Categories
  • Identity Management
  • Cloud
  • Application
Data Sources
  • User Account
  • Application Log
ATT&CK Techniques
  • T1621
Created: 2025-02-28
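
The filter-and-group logic described in the summary, as an added Python example (not the Anvilogic rule's own Splunk search). It assumes Auth0 tenant log events as JSON lines with `type`, `date`, `user_name` and `ip` fields, where `gd_send_voice` marks a sent voice call; the sample events, the 10-minute bucket and the burst threshold are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Auth0 tenant log type code for a sent MFA voice call (failures use gd_send_voice_failure).
VOICE_CALL_SENT = "gd_send_voice"

# Constructed sample events shaped like Auth0 tenant logs (not real data).
SAMPLE_LOGS = """\
{"date":"2025-02-28T10:00:05Z","type":"gd_send_voice","user_name":"alice@example.com","ip":"198.51.100.7"}
{"date":"2025-02-28T10:00:30Z","type":"s","user_name":"alice@example.com","ip":"198.51.100.7"}
{"date":"2025-02-28T10:21:10Z","type":"gd_send_voice","user_name":"bob@example.com","ip":"203.0.113.9"}
{"date":"2025-02-28T10:22:40Z","type":"gd_send_voice","user_name":"bob@example.com","ip":"203.0.113.9"}
{"date":"2025-02-28T10:24:03Z","type":"gd_send_voice","user_name":"bob@example.com","ip":"203.0.113.44"}
not-json garbage line
{"date":"2025-02-28T10:27:55Z","type":"gd_send_voice","user_name":"bob@example.com","ip":"203.0.113.9"}
{"date":"2025-02-28T10:28:30Z","type":"gd_send_voice_failure","user_name":"bob@example.com","ip":"203.0.113.9"}
"""

def bucket_start(ts, minutes):
    """Floor a timestamp to the start of its fixed-size time bucket."""
    return ts - timedelta(minutes=ts.minute % minutes, seconds=ts.second, microseconds=ts.microsecond)

def summarize_voice_mfa(raw, bucket_minutes=10):
    """Keep successful voice-call MFA events and group them by (user, time bucket)."""
    groups = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in raw.strip().splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole run
        if ev.get("type") != VOICE_CALL_SENT:
            continue  # ignore logins, failed calls and every other event type
        ts = datetime.fromisoformat(ev["date"].replace("Z", "+00:00"))
        key = (ev.get("user_name", "unknown"), bucket_start(ts, bucket_minutes).isoformat())
        groups[key]["count"] += 1
        groups[key]["ips"].add(ev.get("ip", "unknown"))
    return {k: {"count": v["count"], "ips": sorted(v["ips"])} for k, v in groups.items()}

def flag_bursts(summary, threshold=3):
    """Assumed triage step: users with >= threshold voice calls in one bucket."""
    return sorted({user for (user, _), v in summary.items() if v["count"] >= threshold})
```

A single successful call per bucket is usually a normal sign-in; repeated calls to one user in a short window, especially from more than one source IP, are the pattern worth reviewing against T1621.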