
Summary
This analytic rule is designed to detect AssumeRole events in AWS where an Identity and Access Management (IAM) role from a different AWS account is accessed for the first time. The detection mechanism involves analyzing AWS CloudTrail authentication logs to compare the account IDs of the requester and the requested role. If a request is made to assume a role in another AWS account that has not been previously accessed, this is flagged as a possible unauthorized cross-account access attempt. Such activity may signify lateral movement or privilege escalation, where an attacker could potentially gain unauthorized access to resources in another account, leading to risks such as data exfiltration or service disruptions. The rule aims to enhance security by identifying new cross-account activities that could indicate malicious intent, allowing for timely investigation and response.
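The comparison the rule describes, run over a handful of constructed CloudTrail records, as an added example (this is illustrative code, not the rule's own query or any vendor implementation). It assumes the standard CloudTrail layout for an STS `AssumeRole` record (`userIdentity.accountId` for the caller, `requestParameters.roleArn` for the target) and keeps the "previously accessed" baseline as an in-memory set keyed on requester account plus role ARN; a production version would seed that set from a historical lookback and persist it between runs. The account IDs and IP addresses in the sample events are placeholders.

```python
"""First-time cross-account AssumeRole detection over CloudTrail-style records.

Added example for the rule summary above; assumptions are noted inline.
"""
import re
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Role ARN layout: arn:<partition>:iam::<12-digit account>:role/<path-and-name>
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z\-]*:iam::(\d{12}):role/.+$")

# Constructed sample records (not real logs); account IDs and IPs are placeholders.
SAMPLE_EVENTS: List[dict] = [
    {   # same-account assumption: never interesting for this rule
        "eventTime": "2024-11-14T08:00:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                         "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {"roleArn": "arn:aws:iam::111111111111:role/Deploy",
                              "roleSessionName": "ci"},
    },
    {   # first cross-account assumption by account 111... into 222...: alert
        "eventTime": "2024-11-14T08:05:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                         "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/Audit",
                              "roleSessionName": "alice-audit"},
    },
    {   # the same pair again: already in the baseline, no second alert
        "eventTime": "2024-11-14T09:00:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                         "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/Audit",
                              "roleSessionName": "alice-audit-2"},
    },
    {   # denied attempt: no access occurred, so it does not enter the baseline
        "eventTime": "2024-11-14T09:30:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole", "sourceIPAddress": "198.51.100.7",
        "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                         "arn": "arn:aws:iam::111111111111:user/bob"},
        "requestParameters": {"roleArn": "arn:aws:iam::333333333333:role/Admin"},
    },
    {   # service principal with no accountId: cannot be attributed, skipped
        "eventTime": "2024-11-14T10:00:00Z", "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole", "sourceIPAddress": "lambda.amazonaws.com",
        "userIdentity": {"type": "AWSService", "invokedBy": "lambda.amazonaws.com"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/LambdaExec"},
    },
]


def target_account_from_role_arn(role_arn: Optional[str]) -> Optional[str]:
    """Return the 12-digit account ID embedded in an IAM role ARN, or None."""
    match = ROLE_ARN_RE.match(role_arn or "")
    return match.group(1) if match else None


def detect_first_time_cross_account(events: Iterable[dict],
                                    seen: Set[Tuple[str, str]]) -> List[Dict[str, str]]:
    """Emit one alert per (requester account, role ARN) pair the first time a
    successful AssumeRole crosses an account boundary. `seen` is the baseline of
    pairs already observed and is updated in place."""
    alerts: List[Dict[str, str]] = []
    for ev in events:
        if ev.get("eventSource") != "sts.amazonaws.com" or ev.get("eventName") != "AssumeRole":
            continue
        if ev.get("errorCode"):
            continue  # failed call; track denials under a separate rule if wanted
        requester = (ev.get("userIdentity") or {}).get("accountId")
        role_arn = (ev.get("requestParameters") or {}).get("roleArn")
        target = target_account_from_role_arn(role_arn)
        if not requester or not target or requester == target:
            continue  # unattributable, malformed, or same-account: out of scope
        key = (requester, role_arn)
        if key in seen:
            continue
        seen.add(key)
        alerts.append({
            "event_time": ev.get("eventTime", ""),
            "requester_account": requester,
            "requester_arn": (ev.get("userIdentity") or {}).get("arn", ""),
            "target_account": target,
            "role_arn": role_arn,
            "source_ip": ev.get("sourceIPAddress", ""),
            "reason": "first successful cross-account AssumeRole for this requester/role pair",
        })
    return alerts


def run_sample() -> List[Dict[str, str]]:
    """Run the detection over the constructed events with an empty baseline."""
    return detect_first_time_cross_account(SAMPLE_EVENTS, set())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Keying the baseline on the full role ARN rather than only the target account ID means a new role in an already-trusted account still surfaces, which is the granularity an analyst usually wants when triaging lateral movement; collapsing the key to `(requester, target)` gives the coarser behaviour the summary literally describes.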
Categories
- Cloud
- AWS
Data Sources
- Cloud Storage
Created: 2024-11-14