
Teleport Create User Accounts

Panther Rules

Summary
The 'Teleport Create User Accounts' rule detects manual user account management events in a Teleport environment: the creation, modification, or deletion of user accounts. Unauthorized or unnecessary account changes of this kind can indicate an attempt to establish persistence in the system, so the rule tracks these actions as performed by users. It evaluates logs generated by the Gravitational Teleport Audit platform and alerts when an action is initiated that could affect user access permissions. A 15-minute deduplication period prevents multiple alerts for the same event, which keeps incident response manageable while preserving visibility into account changes that could pose a security risk.
Categories
  • Identity Management
  • Cloud
  • Linux
Data Sources
  • User Account
  • Application Log
ATT&CK Techniques
  • T1136
  • T4000
Created: 2022-09-02