Does Panther's detection engine invoke rules serially for each event?

Can I make an external enrichment API call within a Panther detection instead of using a custom enrichment? Why did a large number of alerts trigger at the same time from Panther? Why can't I find the detection "AWS Modify Cloud Compute Infrastructure" in the Panther Console? How can I write a Panther detection to alert me when a deactivated Okta user tries to log in? Why is my Detection returning the Rule ID instead of my title function output?