
Summary
This detection rule identifies unauthorized login attempts against the Telnet service running on an OpenCanary honeypot. OpenCanary is an open-source tool for deploying decoy services that reveal attacks against a network. The rule targets the log entries the Telnet service generates when a login attempt occurs, identified by logtype 6001. Detection works by monitoring changes in the honeypot's log files and flagging every entry that matches the defined criteria. It is useful for detecting initial access attempts as well as signs of potential command and control activity. The rule is currently marked as experimental and is classified as high severity because of the risks associated with unauthorized access attempts via Telnet. Security teams can use it to improve their visibility into adversarial activity against their environment, particularly activity that exploits outdated or less secure protocols such as Telnet.
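As an added illustration of the detection logic described above (not code from the rule itself or from the OpenCanary project), the following Python reads OpenCanary's JSON-lines log, keeps only the entries whose logtype is 6001, and turns each one into an alert record. The only value taken from the rule description is logtype 6001; the other field names (src_host, src_port, dst_host, dst_port, logdata.USERNAME, node_id, local_time) are assumed from OpenCanary's logger, the sample log lines are constructed, and malformed lines and string-typed logtype values are handled so a bad line does not stop the collector.

```python
import json
from typing import Iterator

# OpenCanary logtype for a Telnet login attempt; this is the value the rule matches on.
TELNET_LOGIN_ATTEMPT = 6001

# Constructed sample log in OpenCanary's one-JSON-object-per-line format.
# Field names other than "logtype" are assumptions about OpenCanary's output,
# not something the rule page states. Line 3 is deliberately malformed and
# line 5 carries logtype as a string to exercise the robustness paths.
SAMPLE_LOG = """\
{"dst_host": "192.0.2.10", "dst_port": 23, "local_time": "2024-03-08 10:15:01.123456", "logdata": {"PASSWORD": "admin", "USERNAME": "root"}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "198.51.100.7", "src_port": 51822}
{"dst_host": "192.0.2.10", "dst_port": 22, "local_time": "2024-03-08 10:15:03.000001", "logdata": {"SESSION": "1"}, "logtype": 4000, "node_id": "opencanary-1", "src_host": "198.51.100.7", "src_port": 51840}
not json at all
{"dst_host": "192.0.2.10", "dst_port": 23, "local_time": "2024-03-08 10:15:05.500000", "logdata": {"PASSWORD": "123456", "USERNAME": "admin"}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "203.0.113.9", "src_port": 41000}
{"dst_host": "192.0.2.10", "dst_port": 23, "local_time": "2024-03-08 10:15:06.000000", "logdata": {"PASSWORD": "", "USERNAME": "guest"}, "logtype": "6001", "node_id": "opencanary-1", "src_host": "203.0.113.9", "src_port": 41001}
"""


def parse_events(text: str) -> Iterator[dict]:
    """Yield one dict per well-formed JSON line; skip blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # A corrupt line must not abort processing of the rest of the file.
            continue
        if isinstance(event, dict):
            yield event


def is_telnet_login_attempt(event: dict) -> bool:
    """True when the entry's logtype is 6001, tolerating a string-typed value."""
    try:
        return int(event.get("logtype")) == TELNET_LOGIN_ATTEMPT
    except (TypeError, ValueError):
        return False


def detect(text: str) -> list[dict]:
    """Run the rule over a log body and return one alert per matching entry."""
    alerts = []
    for event in parse_events(text):
        if not is_telnet_login_attempt(event):
            continue
        logdata = event.get("logdata") or {}
        alerts.append({
            # Hypothetical alert name and the severity stated on the rule page.
            "rule": "opencanary_telnet_login_attempt",
            "level": "high",
            "src_host": event.get("src_host"),
            "src_port": event.get("src_port"),
            "dst_host": event.get("dst_host"),
            "dst_port": event.get("dst_port"),
            # The attempted username is useful triage context; the password
            # is intentionally left out of the alert record.
            "username": logdata.get("USERNAME"),
            "node_id": event.get("node_id"),
            "time": event.get("local_time"),
        })
    return alerts


def summarize_by_source(alerts: list[dict]) -> dict:
    """Count alerts per source host to surface repeated attempts from one origin."""
    counts: dict = {}
    for alert in alerts:
        counts[alert["src_host"]] = counts.get(alert["src_host"], 0) + 1
    return counts


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for alert in found:
        print(f'{alert["time"]} {alert["src_host"]}:{alert["src_port"]} -> '
              f'{alert["dst_host"]}:{alert["dst_port"]} user={alert["username"]}')
    print("attempts per source:", summarize_by_source(found))
```

In production the same functions would be fed from a tail of the live OpenCanary log file rather than an embedded string; the per-source summary is a cheap first step toward noticing a single origin cycling through credentials against the honeypot.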
Categories
- Network
- Endpoint
- Cloud
Data Sources
- Application Log
Created: 2024-03-08