
Summary
This detection rule surfaces CrowdStrike identity-risk alerts with a risk score of 55 or higher, the range the rule treats as medium severity. Scores in this range indicate weaknesses in a user identity, such as suspicious authentication behaviour or a possible credential compromise, so the alerts warrant prompt investigation. The detection logic is a Splunk query that filters CrowdStrike logs on the risk-score condition, renames key fields for readability, and aggregates statistics per identity: the number of matching events and the timestamps of the first and last occurrence. Acting quickly on these alerts limits the window in which a compromised identity can be used to reach sensitive data. Because the rule re-surfaces CrowdStrike's own scoring rather than inspecting raw authentication events, tuning is largely a matter of the score threshold; the per-identity count and first/last timestamps show whether an identity keeps generating alerts over time, which helps prioritise triage.
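The pipeline the summary describes (filter on score, rename fields, aggregate count and first/last timestamps per identity) reproduced in Python over constructed events, as an added example that is not the rule's own Splunk query or any CrowdStrike code. The event field names (`RiskScore`, `UserName`, `UserDomain`, `ComputerName`) and the renamed names are assumptions made for illustration, not a documented CrowdStrike schema; the sample events are constructed and include the boundary score of 55, a score just below it, a missing score and a non-numeric score so the filter's edge handling is visible.

```python
import json
from collections import defaultdict

# Threshold stated by the rule: CrowdStrike identity risk score of 55 or higher.
MEDIUM_RISK_THRESHOLD = 55

# Constructed sample events. Field names are assumptions for illustration only,
# not a documented CrowdStrike schema.
SAMPLE_EVENTS = [
    '{"_time": 1731484800, "UserName": "alice", "UserDomain": "CORP", "RiskScore": 62, "ComputerName": "WS-01"}',
    '{"_time": 1731488400, "UserName": "alice", "UserDomain": "CORP", "RiskScore": 71, "ComputerName": "WS-02"}',
    '{"_time": 1731492000, "UserName": "bob",   "UserDomain": "CORP", "RiskScore": 54, "ComputerName": "WS-03"}',
    '{"_time": 1731495600, "UserName": "carol", "UserDomain": "CORP", "RiskScore": 55, "ComputerName": "WS-04"}',
    '{"_time": 1731499200, "UserName": "dave",  "UserDomain": "CORP", "ComputerName": "WS-05"}',
    '{"_time": 1731502800, "UserName": "eve",   "UserDomain": "CORP", "RiskScore": "N/A", "ComputerName": "WS-06"}',
]

# Equivalent of the query's field renames (assumed target names).
RENAME_MAP = {
    "UserName": "user",
    "UserDomain": "domain",
    "RiskScore": "risk_score",
    "ComputerName": "dest",
}


def parse_events(lines):
    """Parse one JSON event per line."""
    return [json.loads(line) for line in lines]


def risk_score(event):
    """Numeric risk score, or None when the field is absent or not a number.

    A missing or non-numeric score never satisfies a numeric comparison, which
    mirrors how a field condition such as RiskScore>=55 behaves in Splunk.
    """
    try:
        return float(event["RiskScore"])
    except (KeyError, TypeError, ValueError):
        return None


def filter_medium_risk(events, threshold=MEDIUM_RISK_THRESHOLD):
    """Keep events whose risk score is at or above the threshold (55 is included)."""
    return [e for e in events if (s := risk_score(e)) is not None and s >= threshold]


def rename_fields(event):
    """Rename fields according to RENAME_MAP; other fields pass through unchanged."""
    return {RENAME_MAP.get(k, k): v for k, v in event.items()}


def aggregate(events):
    """Per (user, domain): event count, first/last occurrence, highest score seen."""
    groups = defaultdict(lambda: {"count": 0, "firstTime": None, "lastTime": None, "max_risk_score": 0.0})
    for e in events:
        g = groups[(e["user"], e["domain"])]
        g["count"] += 1
        t = e["_time"]
        g["firstTime"] = t if g["firstTime"] is None else min(g["firstTime"], t)
        g["lastTime"] = t if g["lastTime"] is None else max(g["lastTime"], t)
        g["max_risk_score"] = max(g["max_risk_score"], float(e["risk_score"]))
    rows = [{"user": u, "domain": d, **stats} for (u, d), stats in groups.items()]
    # Most active identities first; ties broken by user name for stable output.
    rows.sort(key=lambda r: (-r["count"], r["user"]))
    return rows


def run_detection(lines, threshold=MEDIUM_RISK_THRESHOLD):
    """Full pipeline: parse, filter on score, rename, aggregate per identity."""
    events = [rename_fields(e) for e in filter_medium_risk(parse_events(lines), threshold)]
    return aggregate(events)


if __name__ == "__main__":
    for row in run_detection(SAMPLE_EVENTS):
        print(row)
```

Raising the threshold passed to `run_detection` is the only tuning knob the rule exposes, so the example takes it as a parameter; `bob` (score 54) and the two malformed events drop out at the filter, while `alice` shows how the count and timestamp span expose an identity that keeps re-alerting.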
Categories
- Endpoint
Data Sources
- User Account
ATT&CK Techniques
- T1110
Created: 2024-11-13