Sometimes listing out the show/intrusions command can be tricky and lengthy to try and see if a user has been set as an intruder.
To overcome this easily, simply PIPE a SEARCH command through the show/intrusions command.
So for example you can use the following command to make analyzing the intrusions a lot easier.
$ PIPE show/intrusions | search sys$input "your search string"