Wiz Service Account Change

Panther Rules

Summary
The Wiz Service Account Change rule detects changes to service accounts: their creation, modification, or deletion. This matters for security and compliance because service accounts often hold extensive permissions and are targeted by threat actors to gain unauthorized access to systems. The detection uses logs from the Wiz auditing system to identify actions such as the deletion of service accounts or the creation of new user accounts. The rule is enabled with a high severity level, as unauthorized changes can lead to significant security incidents. Logged parameters include user identity, source IP, and action status, and the rule's tests cover detection of both successful and failed operations on service accounts.
Categories
  • Cloud
  • Identity Management
  • Infrastructure
Data Sources
  • WMI
  • Application Log
  • Service
  • Cloud Service
ATT&CK Techniques
  • T1078.004
Created: 2024-09-16