class “set up an alert if root user logged in”.

 I think it failed because you put the parameter to >= 1. so if it happens 1 time then it would shouldn’t technically alert. but if you put it > 0, when the root logs in, the count turns to 1 generating the alert. Also, we don’t have root access in the sandbox.