Hi @M00nshine ,
For some reason, the 2nd rule won't run, as if it's disabled. I have read online previously that auto-generated "mails" won't be picked up by transport rules, which may explain it, however I'm not confident of that.
True, system generated messages won't be processed by mail flow rules (previously called "transport rules"). See Mail flow rules (transport rules) in Exchange Online:.)
With this being said, for the requirement you described, seems to me that it's not feasible to send a customized notification mail as you intended to do in the 2nd rule. However, I am assuming that you can try adding the action "Generate incident report and send it to" in the original rule and set the security team as the recipient, so that an auto generated notification report can be sent to the security team with some chosen properties.
I tried testing in my lab tenant by adding this action into an existing rule "RuleForTest", and chose to include the "Recipients" and "RuleDetections", the specified group can receive a report like below:
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.