AWS Get Caller Identity

Anvilogic Forge

Summary
The rule "AWS Get Caller Identity" detects use of the AWS Security Token Service (STS) GetCallerIdentity API as recorded in AWS CloudTrail. GetCallerIdentity returns the account ID, ARN and user ID of the credentials that made the call; it needs no IAM permission and cannot be denied by policy, so it is the standard first call an adversary makes to confirm that stolen or leaked credentials work and to learn which identity and account they belong to (the cloud equivalent of whoami, hence the discovery classification). The rule captures the CloudTrail events for this API and, using Splunk, extracts timestamps, user and account details, the source IP address and identity attributes such as principal type, ARN and access key ID, giving a compact record of who checked their identity, from where and when. It additionally performs a DNS lookup on the source IP and a geolocation lookup to add hostname and location context to each event.

Because every AWS CLI and SDK session issues this call routinely, the event on its own is high-volume and low-fidelity. Practitioners should pair it with a per-principal baseline (known source networks or user agents) or with follow-on discovery activity from the same access key before treating a hit as an alert.
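The field extraction described above, plus the baseline check a practitioner would layer on top, written out as an added Python example. This is not Anvilogic's rule or Splunk logic; the CloudTrail records, the principal names, the access key IDs and the per-principal BASELINE networks are all constructed for illustration, and the DNS and geolocation lookups the rule performs are omitted because they need network access.

```python
"""Field extraction and a per-principal source-IP baseline check for
CloudTrail sts:GetCallerIdentity events (added example, not Anvilogic's rule)."""
import ipaddress

# Constructed identities and records, not real telemetry. Field names follow the
# CloudTrail event schema; IPs use RFC 1918 / RFC 5737 ranges.
DEPLOY_BOT = {
    "type": "IAMUser",
    "principalId": "AIDAEXAMPLE000000001",
    "arn": "arn:aws:iam::123456789012:user/deploy-bot",
    "accountId": "123456789012",
    "accessKeyId": "AKIAEXAMPLE000000001",
    "userName": "deploy-bot",
}
ADMIN_SESSION = {
    "type": "AssumedRole",
    "principalId": "AROAEXAMPLE000000002:alice",
    "arn": "arn:aws:sts::123456789012:assumed-role/Admin/alice",
    "accountId": "123456789012",
    "accessKeyId": "ASIAEXAMPLE000000002",
    "sessionContext": {"sessionIssuer": {
        "type": "Role", "arn": "arn:aws:iam::123456789012:role/Admin", "userName": "Admin"}},
}
SAMPLE_RECORDS = [
    # routine call from the CI runner's known network
    {"eventTime": "2024-02-09T10:15:03Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "10.20.30.40",
     "userAgent": "aws-cli/2.15.0 Python/3.11.6 Linux/6.5.0 exe/x86_64",
     "recipientAccountId": "123456789012", "userIdentity": DEPLOY_BOT},
    # same access key, now used from an unfamiliar address with a generic HTTP
    # client: the classic first call made with a stolen key
    {"eventTime": "2024-02-09T22:41:17Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.77",
     "userAgent": "python-requests/2.31.0",
     "recipientAccountId": "123456789012", "userIdentity": DEPLOY_BOT},
    # assumed-role session from the corporate VPN range
    {"eventTime": "2024-02-09T11:02:55Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "192.168.5.12",
     "userAgent": "aws-sdk-go-v2/1.24.0",
     "recipientAccountId": "123456789012", "userIdentity": ADMIN_SESSION},
    # a different API from the same key; the rule's filter must drop it
    {"eventTime": "2024-02-09T22:42:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.77",
     "userAgent": "python-requests/2.31.0",
     "recipientAccountId": "123456789012", "userIdentity": DEPLOY_BOT},
]

# Hypothetical baseline of networks each principal is expected to call from.
# In practice this is built from weeks of history, not hard-coded.
BASELINE = {
    "arn:aws:iam::123456789012:user/deploy-bot": ["10.20.0.0/16"],
    "arn:aws:iam::123456789012:role/Admin": ["192.168.0.0/16"],
}


def is_get_caller_identity(record):
    """The rule's filter: STS event source and the GetCallerIdentity event name."""
    return (record.get("eventSource") == "sts.amazonaws.com"
            and record.get("eventName") == "GetCallerIdentity")


def stable_principal(identity):
    """ARN to baseline on. Assumed-role ARNs embed a per-session name, so use
    the issuing role's ARN for those; otherwise the identity ARN itself."""
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn", identity.get("arn"))
    return identity.get("arn")


def extract(record):
    """Pull the fields the rule surfaces: time, account, identity attributes,
    access key ID, source IP and user agent."""
    ident = record.get("userIdentity", {})
    return {
        "time": record.get("eventTime"),
        "account": record.get("recipientAccountId"),
        "identity_type": ident.get("type"),
        "principal": stable_principal(ident),
        "principal_id": ident.get("principalId"),
        "access_key": ident.get("accessKeyId"),
        "source_ip": record.get("sourceIPAddress"),
        "user_agent": record.get("userAgent"),
    }


def from_known_network(principal, source_ip, baseline):
    """True if source_ip is inside one of the principal's baseline networks.
    Non-IP sources (CloudTrail records e.g. 'ec2.amazonaws.com' for calls made
    by an AWS service) are treated as unknown so they surface for review."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n) for n in baseline.get(principal, []))


def find_unfamiliar_callers(records, baseline):
    """Extracted GetCallerIdentity events whose source IP is outside the
    principal's baseline; the enrichment that turns a noisy event into a lead."""
    hits = []
    for rec in records:
        if not is_get_caller_identity(rec):
            continue
        fields = extract(rec)
        if not from_known_network(fields["principal"], fields["source_ip"], baseline):
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in find_unfamiliar_callers(SAMPLE_RECORDS, BASELINE):
        print(f"{hit['time']} {hit['principal']} key={hit['access_key']} "
              f"from {hit['source_ip']} ua={hit['user_agent']!r}")
```

Run against the constructed records, only the second event is reported: the deploy-bot key used from 203.0.113.77 with a python-requests user agent. The unchanged GetCallerIdentity call from the CI range and the Admin session from the VPN range pass the baseline, and the ListBuckets event is dropped by the filter even though it shares the suspicious IP; correlating that follow-on call with the flagged key is the natural next step.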
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Network Traffic
  • Logon Session
ATT&CK Techniques
  • T1082
Created: 2024-02-09