How would you design a detection rule to identify a potential data exfiltration attempt from a secure database?