
Cisco Duo Admin Login Unusual Browser

Splunk Security Content

Summary
This detection identifies administrator logins to Cisco Duo from a browser other than Chrome, which the rule treats as unusual on the assumption that Chrome is the browser administrators normally use. It runs over the Duo activity logs collected through the Cisco Security Cloud App, keeps only admin login actions, and filters those down to logins from non-Chrome browsers. It then renames and aggregates the user, browser, source IP address and location fields so that each flagged combination surfaces as a single result. This matters for the Security Operations Center (SOC) because an admin session from an unexpected browser can indicate credential compromise, session hijacking or use of an unmanaged device; catching it early limits the window for privilege escalation or unauthorized configuration changes made through a compromised administrative account. Because the expected browser is hard-coded, environments where administrators legitimately use Edge, Firefox or Safari should adjust the filter to the browsers they approve, or expect a high false-positive rate. The detection also includes drill-down searches that return the related activity and risk events for further investigation.
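The filter-then-aggregate logic described above, rewritten as a stand-alone Python example so it can be run against sample events offline. This is an added illustration, not the Splunk search shipped with the detection. The event shape (`action`, `actor`, `access_device` with `browser`, `ip` and `location`) and the `admin_login` action name are assumptions modelled on Duo's activity log; the sample events are constructed for this example, not real logs. Unlike the original rule, the expected browser list is a parameter, and an admin login with no browser field is reported as `unknown` rather than silently passing the filter.

```python
"""Flag Cisco Duo admin logins from browsers outside an expected set.

Example code added for illustration; not the project's own detection.
Field names follow the shape of Duo activity events but are an assumption;
map them to the fields produced by your ingest pipeline.
"""
import json

# Constructed sample events (not real Duo logs). Timestamps are ISO 8601 UTC,
# so string comparison gives chronological order.
SAMPLE_EVENTS = [
    {"ts": "2025-07-10T08:00:00Z", "action": "admin_login",
     "actor": {"name": "alice@example.com", "type": "admin"},
     "access_device": {"browser": "Chrome", "ip": {"address": "203.0.113.10"},
                       "location": {"city": "Austin", "country": "US"}}},
    {"ts": "2025-07-10T08:05:00Z", "action": "admin_login",
     "actor": {"name": "bob@example.com", "type": "admin"},
     "access_device": {"browser": "Firefox", "ip": {"address": "198.51.100.7"},
                       "location": {"city": "Berlin", "country": "DE"}}},
    {"ts": "2025-07-10T08:07:00Z", "action": "admin_login",
     "actor": {"name": "bob@example.com", "type": "admin"},
     "access_device": {"browser": "Firefox", "ip": {"address": "198.51.100.7"},
                       "location": {"city": "Berlin", "country": "DE"}}},
    {"ts": "2025-07-10T08:09:00Z", "action": "admin_login",
     "actor": {"name": "carol@example.com", "type": "admin"},
     "access_device": {"browser": "Safari", "ip": {"address": "192.0.2.44"},
                       "location": {"city": "Tokyo", "country": "JP"}}},
    # Non-admin action from a non-Chrome browser: must not be flagged.
    {"ts": "2025-07-10T08:10:00Z", "action": "user_login",
     "actor": {"name": "dave@example.com", "type": "user"},
     "access_device": {"browser": "Edge", "ip": {"address": "203.0.113.99"},
                       "location": {"city": "Austin", "country": "US"}}},
    # Admin login with no browser field (parser gap or non-browser client):
    # reported as "unknown" so it is not hidden by the filter.
    {"ts": "2025-07-10T08:12:00Z", "action": "admin_login",
     "actor": {"name": "erin@example.com", "type": "admin"},
     "access_device": {"ip": {"address": "198.51.100.200"}, "location": {}}},
]


def detect_unusual_admin_browser(events, expected_browsers=("Chrome",),
                                 admin_actions=("admin_login",)):
    """Return one aggregated row per (user, browser, src_ip, location) for
    admin login events whose browser is not in expected_browsers.

    Each row carries a count and first/last seen timestamps, mirroring the
    rename-and-aggregate step of the detection.
    """
    expected = {b.lower() for b in expected_browsers}
    buckets = {}
    for ev in events:
        if ev.get("action") not in admin_actions:
            continue  # only administrator login actions are in scope
        dev = ev.get("access_device") or {}
        browser = dev.get("browser") or "unknown"
        if browser.lower() in expected:
            continue  # expected browser, nothing to flag
        loc = dev.get("location") or {}
        location = ", ".join(p for p in (loc.get("city"), loc.get("country")) if p)
        key = (
            (ev.get("actor") or {}).get("name", "unknown"),
            browser,
            (dev.get("ip") or {}).get("address", "unknown"),
            location or "unknown",
        )
        row = buckets.setdefault(key, {
            "user": key[0], "browser": key[1], "src_ip": key[2],
            "location": key[3], "count": 0,
            "first_seen": ev["ts"], "last_seen": ev["ts"],
        })
        row["count"] += 1
        row["first_seen"] = min(row["first_seen"], ev["ts"])
        row["last_seen"] = max(row["last_seen"], ev["ts"])
    return sorted(buckets.values(), key=lambda r: (r["user"], r["browser"]))


if __name__ == "__main__":
    for row in detect_unusual_admin_browser(SAMPLE_EVENTS):
        print(json.dumps(row))
```

To tune the example for an environment that approves more than one browser, pass the approved set as `expected_browsers`; the `unknown` row is the one to keep an eye on, since a missing browser field usually means either a parsing problem or a client that is not a browser at all.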
Categories
  • Identity Management
  • Cloud
  • Application
Data Sources
  • Cloud Storage
  • Application Log
ATT&CK Techniques
  • T1556 (Modify Authentication Process)
Created: 2025-07-10