diff --git a/website/docs/r/cse_outlier_rule.html.markdown b/website/docs/r/cse_outlier_rule.html.markdown
index ba5999e3..e5737cbe 100644
--- a/website/docs/r/cse_outlier_rule.html.markdown
+++ b/website/docs/r/cse_outlier_rule.html.markdown
@@ -10,30 +10,37 @@ Provides a Sumo Logic CSE [Outlier Rule](https://help.sumologic.com/docs/cse/rul
 ## Example Usage
 ```hcl
-resource "sumologic_cse_first_seen_rule" "first_seen_rule" {
+resource "sumologic_cse_outlier_rule" "outlier_rule" {
+ name = "Spike in Login Failures from a User"
+ enabled = true
+ severity = 4
+ is_prototype = false
+ summary_expression = "Excessive count of failure login events identified for user: {{user_username}} based on daily historic activity"
+
 aggregation_functions {
- name = "total"
- function = "count"
- arguments = ["true"]
+ name = "current"
+ function = "count"
+ arguments = ["true"]
 }
- baseline_window_size = "1209600000" // 14 days
- description_expression = "Spike in Login Failures - {{ user_username }}"
- enabled = true
+ group_by_fields = ["user_username"]
+
+ window_size = "T24H"
+ baseline_window_size = 604800000
+ retention_window_size = 7776000000
+
+ floor_value = 10
+
+ name_expression = "Spike in Login Failures from a User"
+ description_expression = "Detects excessive failed login attempts for the same username based on a daily outlier standard deviation for said user. This is designed to catch both slow and quick brute force type attacks using a user specific historic baseline. The minimum floor of failures expected by default is set to 10."
+ match_expression = "objectType = 'Authentication'\nAND normalizedAction = 'logon'\nAND success = false"
+ deviation_threshold = 2
+
 entity_selectors {
 entity_type = "_username"
 expression = "user_username"
 }
- floor_value = 0
- deviation_threshold = 3
- group_by_fields = ["user_username"]
- is_prototype = false
- match_expression = "objectType=\"Authentication\" AND success=false"
- name = "Spike in Login Failures"
- name_expression = "Spike in Login Failures - {{ user_username }}"
- retention_window_size = "7776000000" // 90 days
- severity = 1
- summary_expression = "Spike in Login Failures - {{ user_username }}"
- window_size = "T24H"
+
+ tags = ["_mitreAttackTactic:TA0006", "_mitreAttackTechnique:T1110"]
 }
 ```
 ## Argument Reference