
Summary
This rule detects brand impersonation attempts targeting the password manager Dashlane by analyzing incoming email messages. It checks for the term 'Dashlane' in the sender's display name or email domain; if the sender's domain resembles 'Dashlane' but does not match the trusted domain 'dashlane.com', the message is flagged. The detection is further refined by the sender's message profile: any sender characterized as 'new' or 'outlier', or any sender previously identified as malicious, is scrutinized unless they have been identified as a false positive. Additionally, the rule excludes domains from high-trust senders that have not passed DMARC authentication, providing a layer of protection against trusted domains that may be spoofed. Together, these heuristics aim to identify phishing attempts masquerading as legitimate communications from Dashlane.
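The heuristics above, worked through in Python over constructed messages as an added example that is not the rule's own source. The edit-distance threshold of 1 on the second-level label, the sender-profile values, the high-trust list, and the reading that a high-trust domain suppresses the alert only when DMARC passed are all assumptions made for the example.

```python
from dataclasses import dataclass

BRAND = "dashlane"
TRUSTED_DOMAIN = "dashlane.com"
# Constructed high-trust list for this example; a real deployment maintains its own.
HIGH_TRUST_ROOT_DOMAINS = {"dashlane.com", "dashlane-partner.example"}
@dataclass
class Message:
    display_name: str
    sender_domain: str      # root domain of the sender address
    sender_profile: str     # constructed values: "new", "outlier" or "established"
    prev_malicious: bool    # sender previously flagged as malicious
    false_positive: bool    # ...but that flag was reviewed and marked a false positive
    dmarc_pass: bool

def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch one-character lookalikes of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def second_level_label(domain: str) -> str:
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def domain_is_lookalike(domain: str) -> bool:
    """Close to 'dashlane' but not the trusted domain itself (distance <= 1 is an assumption)."""
    return domain.lower() != TRUSTED_DOMAIN and levenshtein(second_level_label(domain), BRAND) <= 1

def is_dashlane_impersonation(m: Message) -> bool:
    domain = m.sender_domain.lower()
    # 1. Brand reference in display name or a lookalike domain, excluding the genuine domain.
    if domain == TRUSTED_DOMAIN:
        return False
    if BRAND not in m.display_name.lower() and not domain_is_lookalike(domain):
        return False
    # 2. Only suspicious sender profiles are flagged; reviewed false positives are not.
    suspicious = m.sender_profile in ("new", "outlier") or (m.prev_malicious and not m.false_positive)
    if not suspicious:
        return False
    # 3. Assumption: a high-trust domain suppresses the alert only when DMARC passed,
    #    so a spoofed high-trust domain (DMARC fail) still fires.
    if domain in HIGH_TRUST_ROOT_DOMAINS and m.dmarc_pass:
        return False
    return True
```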
Categories
- Endpoint
- Web
- Application
Data Sources
- User Account
- Network Traffic
- Application Log
Created: 2023-12-11