
Summary
This detection rule identifies potential abuse of passwordless authentication in Auth0, a popular platform for managing user identities. Threat actors often abuse these systems by requesting authentication codes or links excessively, in attempts to gain unauthorized access or run phishing operations. The rule monitors events in which the authentication service reports that a passwordless login code or link was sent. By analyzing the volume and frequency of these requests, the detection logic can distinguish legitimate user activity from potentially malicious intent, which is crucial in environments sensitive to unauthorized access attempts. The rule filters for entries whose event type indicates a passwordless login process. The results are aggregated and displayed with contextual attributes such as timestamps, user details, and geographical information, to aid security analysts in their investigation.
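The filter-and-aggregate logic described above, as an added Python example that is not the rule's own query: it keeps Auth0 log events whose `type` is `cls` (code/link sent) or `cs` (code sent) and flags users whose sends exceed a threshold inside a sliding window. The window, the threshold, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Auth0 log event type codes: "cls" = code/link sent, "cs" = code sent.
PASSWORDLESS_SENT = {"cls", "cs"}
WINDOW = timedelta(minutes=10)  # assumed window, tune per tenant
THRESHOLD = 5                   # assumed maximum sends per user per window

def _ev(ts, etype, user, ip):
    """Build a log record trimmed to the fields this example reads."""
    return {"date": ts, "type": etype, "user_name": user, "ip": ip}

# Constructed sample events (not real tenant data).
SAMPLE_EVENTS = (
    [_ev(f"2025-02-28T10:0{i}:00Z", "cls", "victim@example.com", "203.0.113.7")
     for i in range(6)]
    + [
        _ev("2025-02-28T10:01:30Z", "cs", "alice@example.com", "198.51.100.4"),
        _ev("2025-02-28T11:30:00Z", "cs", "alice@example.com", "198.51.100.4"),
        _ev("2025-02-28T10:02:00Z", "s", "bob@example.com", "198.51.100.9"),
    ]
)

def find_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per user with more than `threshold` sends in `window`."""
    sent = [(datetime.fromisoformat(e["date"].replace("Z", "+00:00")), e)
            for e in events if e.get("type") in PASSWORDLESS_SENT]
    recent = defaultdict(deque)  # user -> (timestamp, ip) pairs still in window
    alerts = {}
    for ts, e in sorted(sent, key=lambda pair: pair[0]):
        user = e.get("user_name") or "<unknown>"
        q = recent[user]
        q.append((ts, e.get("ip")))
        while ts - q[0][0] > window:  # drop sends older than the window
            q.popleft()
        if len(q) > threshold:
            a = alerts.setdefault(user, {"user": user, "first_seen": q[0][0],
                                         "max_count": 0, "ips": set()})
            a["max_count"] = max(a["max_count"], len(q))
            a["ips"].update(ip for _, ip in q)
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE_EVENTS):
        print(alert)
```

Keying the window on the recipient rather than the source IP keeps the count meaningful when requests for one account arrive from many addresses; the collected `ips` set gives the analyst the geographic pivot.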
Categories
- Cloud
- Identity Management
- Application
Data Sources
- User Account
- Application Log
- Network Traffic
ATT&CK Techniques
- T1078
Created: 2025-02-28