diff --git a/detection-rules/impersonation_recipient_sld_in_sender_local_fts.yml b/discovery-rules/impersonation_recipient_sld_in_sender_local_fts.yml
similarity index 100%
rename from detection-rules/impersonation_recipient_sld_in_sender_local_fts.yml
rename to discovery-rules/impersonation_recipient_sld_in_sender_local_fts.yml
diff --git a/insights/sender/recipient_sld_in_sender_local.yml b/insights/sender/recipient_sld_in_sender_local.yml
new file mode 100644
index 00000000000..7c6b8d7bfc3
--- /dev/null
+++ b/insights/sender/recipient_sld_in_sender_local.yml
@@ -0,0 +1,14 @@
+name: "Recipient SLD in sender's email address local part"
+description: |
+  The sender's email address local part contains the recipient's SLD.
+type: "query"
+source: |
+  type.inbound
+  and any(recipients.to,
+    (
+      strings.contains(sender.email.local_part, .email.domain.sld)
+      // checking to ensure no FPs, like "me" in "me.com"
+      and length(.email.domain.sld) > 3
+    )
+  )
+severity: "medium"
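Review bot: The match in the `strings.contains(...)` line is case-sensitive as written, so a sender local part such as `Acme-Support` would not match a recipient SLD of `acme` unless `sender.email.local_part` is already lowercased upstream, which nothing in the hunk shows; `strings.icontains(sender.email.local_part, .email.domain.sld)` removes that dependency. The condition also fires on legitimate internal mail (`acme-hr@acme.com` to `bob@acme.com`), because nothing excludes recipients in the sender's own domain — adding `and .email.domain.domain != sender.email.domain.domain` inside the `any` body keeps the insight focused on cross-domain impersonation. The `length(.email.domain.sld) > 3` guard drops genuine short brand SLDs (three-letter company names) while still letting four-letter generic words through, so the threshold is a trade-off that deserves a comment such as `// SLDs of 3 chars or fewer are too common in local parts to be meaningful; tune per tenant`. Only `recipients.to` is inspected, so a target that is only cc'd is not covered.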