
Correlation by User and Risk

Splunk Security Content

Summary
The rule 'Correlation by User and Risk' identifies users exhibiting high-risk behavior by aggregating the risk scores attributed to their actions on the network. It sums the risk scores linked to unauthorized access or suspicious behavior and flags users whose cumulative risk score exceeds 80, so that security teams can prioritize those users for investigation. The analytic reads from the `risk_index` and filters to significant user actions and responses, so that security resources are directed at potential insider threats and unauthorized attempts to access sensitive information. This rule is marked as deprecated; users are advised to look for an alternative or updated analytic that aligns with current security practices. False positives are acknowledged: the significance of a resulting alert depends on the context of the specific security incident, so notable events raised by this rule require thorough investigation.
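As an added illustration (not code from Splunk Security Content), the following Python models the aggregation the summary describes: per-user sums of risk scores taken from a constructed sample of risk-index events, flagged only when the cumulative score exceeds 80. The field names `user`, `risk_score` and `source` and the sample events are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample of risk-index events (not real Splunk data). The field
# names `user`, `risk_score` and `source` are assumptions for this example.
RISK_EVENTS = [
    {"user": "alice", "risk_score": 50, "source": "Unusual file access"},
    {"user": "alice", "risk_score": 40, "source": "Login from new device"},
    {"user": "bob",   "risk_score": 30, "source": "Login from new device"},
    {"user": "carol", "risk_score": 80, "source": "Privilege escalation attempt"},
]

RISK_THRESHOLD = 80  # the rule flags users whose cumulative score exceeds 80


def aggregate_risk(events):
    """Sum risk scores per user and collect the distinct contributing sources."""
    totals = defaultdict(lambda: {"risk_score_sum": 0, "sources": set()})
    for ev in events:
        entry = totals[ev["user"]]
        entry["risk_score_sum"] += ev["risk_score"]
        entry["sources"].add(ev["source"])
    return totals


def flag_high_risk_users(events, threshold=RISK_THRESHOLD):
    """Return (user, total, sources) for users strictly above the threshold,
    highest total first so the riskiest users are triaged first."""
    totals = aggregate_risk(events)
    flagged = [
        (user, data["risk_score_sum"], sorted(data["sources"]))
        for user, data in totals.items()
        if data["risk_score_sum"] > threshold
    ]
    return sorted(flagged, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    # alice (50 + 40 = 90) is flagged; carol sits exactly at 80 and is not,
    # because the rule requires the cumulative score to exceed the threshold.
    for user, score, sources in flag_high_risk_users(RISK_EVENTS):
        print(f"{user}: {score} from {len(sources)} source(s): {', '.join(sources)}")
```

Note that a user at exactly 80 (carol in the sample) is not flagged, which matches the "exceeds 80" wording; several low-score events from one user still add up to a notable, which is the point of correlating by user rather than per event.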
Categories
  • Identity Management
  • Cloud
  • Network
Data Sources
  • User Account
ATT&CK Techniques
  • T1204.003
  • T1204
Created: 2024-11-14