Summary
The 'ZIA Cloud Account Created' detection rule identifies the creation of a new cloud account within the Zscaler Internet Access (ZIA) environment. The rule triggers on specific entries in the 'Zscaler.ZIA.AdminAuditLog' log type and ships with a set of unit tests that check whether a given event should fire the rule, based on the user role involved and the expected outcome. Each test covers an action that adds a user, a service administrator, or an auditor, together with the expected result (true or false). Because the admin audit log records the details of the creation, the event can be confirmed and investigated from the audit log entries themselves. If an unplanned account creation is detected, administrators should review the incident and, where appropriate, revert the change. The rule is assigned medium severity because a newly created account can affect cloud access privileges.
Categories
- Cloud
- Identity Management
- Web
Data Sources
- Cloud Service
- Application Log
- User Account
ATT&CK Techniques
- T1136.003
Created: 2024-11-06