
Summary
This detection rule matches medium-severity findings from AWS GuardDuty. GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior in AWS accounts, workloads, and data. The rule keys on the finding's severity level: GuardDuty rates a finding Medium when its numeric severity falls between 4.0 and 6.9, and findings in this band commonly point to potential privilege escalation, such as an IAM user attempting to increase its own permissions. Each finding carries a severity, type, title, and details of the affected AWS resource, which together give the context needed to understand the potential threat. When the rule fires, the recommended response is to search the related logs (for IAM-related findings, primarily CloudTrail) to establish the root cause, and to consult the AWS documentation for the specific finding type. This helps security teams assess the risk and respond appropriately, strengthening both security posture and compliance.
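The following is an added example, not the rule's own logic or code from the page's author, showing how the matching described above can be applied to GuardDuty findings as they arrive through Amazon EventBridge: events are filtered to GuardDuty findings whose numeric severity maps to the Medium band, and the severity, type, title, and affected resource are extracted for triage. Field names follow the GuardDuty finding JSON; the sample events, account IDs, user names, and the helper function names are constructed for this example.

```python
import json

# GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9,
# Critical 9.0-10.0 (Critical is a later addition to the scale).
SEVERITY_BANDS = (
    ("Low", 1.0, 4.0),
    ("Medium", 4.0, 7.0),
    ("High", 7.0, 9.0),
    ("Critical", 9.0, 10.1),
)

# Constructed sample events in the shape EventBridge delivers GuardDuty findings.
SAMPLE_EVENTS = [
    {   # medium severity: anomalous IAM behaviour on an access key
        "detail-type": "GuardDuty Finding",
        "detail": {
            "id": "finding-0001", "accountId": "111111111111", "severity": 5,
            "type": "PrivilegeEscalation:IAMUser/AnomalousBehavior",
            "title": "Anomalous API request by IAM user deploy-bot.",
            "resource": {"resourceType": "AccessKey",
                         "accessKeyDetails": {"userName": "deploy-bot",
                                              "accessKeyId": "AKIAEXAMPLEKEY00001"}},
        },
    },
    {   # low severity: must be ignored by this rule
        "detail-type": "GuardDuty Finding",
        "detail": {
            "id": "finding-0002", "accountId": "111111111111", "severity": 2,
            "type": "Policy:IAMUser/RootCredentialUsage",
            "title": "API was invoked using root credentials.",
            "resource": {"resourceType": "AccessKey",
                         "accessKeyDetails": {"userName": "Root"}},
        },
    },
    {   # high severity: handled by a different rule, ignored here
        "detail-type": "GuardDuty Finding",
        "detail": {
            "id": "finding-0003", "accountId": "111111111111", "severity": 8,
            "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
            "title": "Credentials for instance i-0abc were used outside AWS.",
            "resource": {"resourceType": "Instance",
                         "instanceDetails": {"instanceId": "i-0abc12345def67890"}},
        },
    },
    {   # not a GuardDuty finding at all, even though it carries a 'severity'
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {"severity": 5, "eventName": "AttachUserPolicy"},
    },
]


def severity_label(score):
    """Map GuardDuty's numeric severity to its band label; None if unusable."""
    try:
        score = float(score)
    except (TypeError, ValueError):
        return None
    for label, low, high in SEVERITY_BANDS:
        if low <= score < high:
            return label
    return None


def affected_resource(resource):
    """Return 'resourceType:identifier' for the finding's resource block."""
    rtype = resource.get("resourceType", "Unknown")
    if rtype == "AccessKey":
        ident = resource.get("accessKeyDetails", {}).get("userName", "?")
    elif rtype == "Instance":
        ident = resource.get("instanceDetails", {}).get("instanceId", "?")
    else:
        ident = "?"
    return f"{rtype}:{ident}"


def is_guardduty_medium(event):
    """True only for GuardDuty findings whose severity lands in the Medium band."""
    if event.get("detail-type") != "GuardDuty Finding":
        return False
    return severity_label(event.get("detail", {}).get("severity")) == "Medium"


def summarize(event):
    """Pull out the attributes an analyst needs to start triage."""
    d = event["detail"]
    return {
        "id": d.get("id"),
        "account": d.get("accountId"),
        "severity": float(d.get("severity")),
        "type": d.get("type"),
        "title": d.get("title"),
        "resource": affected_resource(d.get("resource", {})),
    }


def triage(events):
    """Apply the rule to a batch of events (dicts or JSON strings)."""
    hits = []
    for ev in events:
        if isinstance(ev, str):
            ev = json.loads(ev)
        if is_guardduty_medium(ev):
            hits.append(summarize(ev))
    return hits


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

The check on `detail-type` matters: other event sources put a `severity` field in `detail` as well, so filtering on the numeric value alone would produce false matches. Comparing against the band boundaries rather than `severity == 5` also catches fractional values such as 4.5 that GuardDuty emits for some finding types.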
Categories
- Cloud
- AWS
Data Sources
- Cloud Service
Created: 2022-09-02