The rule `Docusign.Connect.EnvelopeVoided` is designed to detect instances when a DocuSign envelope is voided, which could suggest potential fraud, attempts at document tampering, or misuse of the DocuSign functionality. The detection mechanism relies on monitoring the `envelope-voided` events provided by the DocuSign Connect service. A voided envelope may indicate that the user wishes to abandon the signing process or possibly engage in suspicious activities. The rule flags these occurrences particularly when there are patterns of frequent voiding by the same user, necessitating further investigation of the envelopes and user behaviors. The runbook provides a systematic approach to verify if the voiding was justified or points towards malicious intent, thereby helping maintain the integrity of document handling workflows.