
Brand impersonation: Aquent

Sublime Rules

Summary
This rule detects brand impersonation attempts targeting the staffing and talent solutions company Aquent. It analyzes incoming email for signs of impersonation by checking the sender's display name for references to 'Aquent' and by examining the message body for language and address details associated with Aquent. The rule flags an email that meets criteria such as containing known addresses like '2884 Sand Hill Road, Menlo Park, CA' or '501 Boylston St, Boston, MA', which are indicative of Aquent's branding. It also checks that the sender's domain is not one of the known legitimate domains belonging to the company or its partners. To avoid false positives, it excludes messages that are replies or forwards and messages that originate from certain security review domains. The detection is structured to capture business email compromise (BEC) attempts and credential phishing by focusing on the social engineering tactics attackers use.
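The logic summarized above, sketched in Python as an added example; it is not the rule's own source. The allowlisted domains, the reply/forward test and the either/or combination of the display-name and address signals are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the page does not list the rule's allowlists.
LEGIT_DOMAINS = {"aquent.com"}
REVIEW_DOMAINS = {"security-review.example"}  # placeholder
# The two postal addresses quoted in the summary, tolerant of spacing and punctuation.
ADDRESSES = [
    re.compile(r"2884\s+Sand\s+Hill\s+R(?:oa)?d\.?,?\s+Menlo\s+Park,?\s+CA", re.I),
    re.compile(r"501\s+Boylston\s+St(?:reet)?\.?,?\s+Boston,?\s+MA", re.I),
]
REPLY_OR_FWD = re.compile(r"^\s*(?:re|fw|fwd)\s*:", re.I)

def in_domains(domain, allowed):
    # Exact or true-subdomain match, so "aquent.com.evil.example" is not trusted.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_maintype() == "text")

def is_aquent_impersonation(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Exclusions described in the summary: known senders, replies and forwards.
    if in_domains(domain, LEGIT_DOMAINS | REVIEW_DOMAINS):
        return False
    if msg.get("In-Reply-To") or REPLY_OR_FWD.match(msg.get("Subject", "")):
        return False
    # Brand signals: display name mentions Aquent, or body carries a listed address.
    return ("aquent" in display.lower()
            or any(p.search(body_text(msg)) for p in ADDRESSES))

def make(sender, subject, body, extra=""):
    return f"From: {sender}\nSubject: {subject}\n{extra}\n{body}\n"

# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": make('"Aquent Recruiting" <jobs@aquent-careers.example>', "Your offer", "Sign in to view."),
    "address_only": make('"HR Team" <hr@staffing.example>', "Onboarding", "Aquent\n501 Boylston St, Boston, MA 02116"),
    "suffix_trick": make('"Aquent" <hr@aquent.com.evil.example>', "Payroll update", "Please confirm."),
    "legit": make('"Aquent Talent" <hr@mail.aquent.com>', "Timesheet", "2884 Sand Hill Road, Menlo Park, CA"),
    "reply": make('"Aquent fan" <a@partner.example>', "Re: contract", "Thanks.", "In-Reply-To: <1@x.example>\n"),
    "review": make('"Aquent test" <t@security-review.example>', "Simulation", "Test."),
}
RESULTS = {name: is_aquent_impersonation(raw) for name, raw in SAMPLES.items()}
```

The `suffix_trick` sample shows why the allowlist comparison must be an exact or subdomain match rather than a substring test.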
Categories
  • Endpoint
  • Cloud
  • Web
  • Identity Management
Data Sources
  • User Account
  • Application Log
  • Network Traffic
Created: 2025-10-10