
Summary
This detection rule monitors for administrators viewing the secret keys of application integrations in a Duo environment. It captures each instance in which an administrator accesses this sensitive credential, since such access may indicate unauthorized use or exposure of the key. Because secret keys must remain confidential to prevent unauthorized access to the integrations they protect, the rule raises a medium severity alert whenever the action is logged. The rule ships with two tests: the first confirms that a successful secret key view triggers the rule, while the second uses an unrelated action (an application install) to confirm that only the intended log action is matched. When the first test's condition is met, an alert is generated. The logged details include the action performed, which allows quick auditing and investigation of the event.
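The logic described above, written out as a Panther-style Python rule with the two tests as constructed sample events (added example, not the rule's own code). The Duo administrator-log action name `integration_skey_view` and the shape of the `description` field are assumptions; confirm both against your own Duo logs before deploying.

```python
import json

# Assumed Duo administrator-log action for viewing an integration's secret key.
SECRET_KEY_VIEW_ACTION = "integration_skey_view"


def rule(event: dict) -> bool:
    """Fire only when the logged action is a secret key view."""
    return event.get("action") == SECRET_KEY_VIEW_ACTION


def integration_name(event: dict) -> str:
    """Duo may deliver 'description' as a JSON string or a parsed object;
    handle both so the alert title never breaks on either form."""
    description = event.get("description", {})
    if isinstance(description, str):
        try:
            description = json.loads(description)
        except ValueError:
            return "<unknown integration>"
    return description.get("name", "<unknown integration>")


def title(event: dict) -> str:
    """Name the admin and the integration so triage can start from the title."""
    admin = event.get("username", "<unknown admin>")
    return f"Duo: [{admin}] viewed the secret key for integration [{integration_name(event)}]"


def severity(event: dict) -> str:
    """Medium, matching the severity the rule description assigns."""
    return "MEDIUM"


# Constructed sample events standing in for Duo administrator log entries.
SECRET_KEY_VIEWED = {
    "action": "integration_skey_view",
    "username": "admin@example.com",
    "description": '{"name": "Example Web App"}',  # string form
    "isotimestamp": "2022-12-16T12:00:00+00:00",
}
APPLICATION_INSTALLED = {
    "action": "application_install",  # unrelated action; must not alert
    "username": "admin@example.com",
    "description": {"name": "Example Web App"},  # object form
    "isotimestamp": "2022-12-16T12:01:00+00:00",
}
```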
Categories
- Cloud
- Identity Management
- Application
Data Sources
- User Account
- Application Log
Created: 2022-12-16