
Summary
The rule 'Admin Role Assigned' detects instances where an admin role is manually assigned to a user account, which can indicate privilege escalation activity. It inspects logs from multiple sources, including GCP, GitHub, OneLogin, Zendesk, Asana, and GSuite, for events that record the assignment of an administrative role. The associated MITRE ATT&CK mapping 'TA0004:T1078' (Privilege Escalation via Valid Accounts) reflects that a compromised valid account is often elevated in exactly this way. The rule's runbook suggests follow-up actions: verify the change with the individual who assigned the role, or add that individual to a whitelist if such assignments are expected from them. Because it applies across numerous log types, the rule serves as an early-detection mechanism for unauthorized changes to user privileges, thus reinforcing overall cybersecurity hygiene.
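As an added illustration of the detection logic described above (this is example code, not the rule's own implementation), the following Panther-style rule with rule()/title() entry points normalises admin-role assignment events from several log sources into one shape, matches the role name against admin-like markers, and suppresses actors on an approval whitelist. The log-type names (GCP.AuditLog, GitHub.Audit, GSuite.Reports), the field layouts, the whitelist entry and the sample events are constructed assumptions for illustration, not the real vendor schemas.

```python
# Added example (not the rule's own code): a Panther-style detection with
# rule()/title() entry points that flags admin-role assignments across
# several log sources and suppresses actors on an approval whitelist.
# Log-type names, field layouts and sample events are constructed
# assumptions for illustration, not the real vendor schemas.

ADMIN_ROLE_MARKERS = ("admin", "owner", "superadmin")

# Hypothetical allow-list: principals whose assignments are pre-approved.
WHITELISTED_ASSIGNERS = {"iam-automation@example.com"}


def _gcp(event):
    # Assumed shape: SetIamPolicy audit log carrying binding deltas.
    payload = event.get("protoPayload", {})
    if payload.get("methodName") != "SetIamPolicy":
        return []
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "")
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    return [
        {"role": d.get("role", ""), "actor": actor, "target": d.get("member", "")}
        for d in deltas
        if d.get("action") == "ADD"
    ]


def _github(event):
    # Assumed shape: org audit entry where a member's permission is changed.
    if event.get("action") != "org.update_member":
        return []
    return [{"role": event.get("permission", ""), "actor": event.get("actor", ""), "target": event.get("user", "")}]


def _gsuite(event):
    # Assumed shape: admin activity "ASSIGN_ROLE" with ROLE_NAME / USER_EMAIL parameters.
    if event.get("name") != "ASSIGN_ROLE":
        return []
    params = event.get("parameters", {})
    return [{"role": params.get("ROLE_NAME", ""), "actor": event.get("actor", ""), "target": params.get("USER_EMAIL", "")}]


# One extractor per assumed log type; each returns a list of normalised assignments.
EXTRACTORS = {"GCP.AuditLog": _gcp, "GitHub.Audit": _github, "GSuite.Reports": _gsuite}


def admin_assignments(event):
    """Admin-like role assignments in `event` made by non-whitelisted actors."""
    extractor = EXTRACTORS.get(event.get("p_log_type", ""))
    if extractor is None:
        return []
    return [
        a for a in extractor(event)
        if any(m in a["role"].lower() for m in ADMIN_ROLE_MARKERS)
        and a["actor"] not in WHITELISTED_ASSIGNERS
    ]


def rule(event):
    return bool(admin_assignments(event))


def title(event):
    a = admin_assignments(event)[0]
    return f"{a['actor']} assigned admin role {a['role']} to {a['target']}"


# Constructed sample events: one hit per source, one whitelisted actor,
# and one non-admin role change that must not fire.
SAMPLE_EVENTS = [
    {"p_log_type": "GCP.AuditLog", "protoPayload": {"methodName": "SetIamPolicy",
        "authenticationInfo": {"principalEmail": "alice@example.com"},
        "serviceData": {"policyDelta": {"bindingDeltas": [
            {"action": "ADD", "role": "roles/viewer", "member": "user:bob@example.com"},
            {"action": "ADD", "role": "roles/owner", "member": "user:bob@example.com"}]}}}},
    {"p_log_type": "GitHub.Audit", "action": "org.update_member", "permission": "admin",
        "actor": "carol", "user": "dave"},
    {"p_log_type": "GSuite.Reports", "name": "ASSIGN_ROLE", "actor": "iam-automation@example.com",
        "parameters": {"ROLE_NAME": "_SEED_ADMIN_ROLE", "USER_EMAIL": "erin@example.com"}},
    {"p_log_type": "GitHub.Audit", "action": "org.update_member", "permission": "member",
        "actor": "carol", "user": "frank"},
]


def alerts(events=SAMPLE_EVENTS):
    """Titles of the events the rule would alert on, in input order."""
    return [title(e) for e in events if rule(e)]


if __name__ == "__main__":
    for line in alerts():
        print(line)
```

Running the block prints the two alerts (the GCP owner binding and the GitHub admin grant); the GSuite event is suppressed by the whitelist and the GitHub "member" change never matches an admin marker. The per-source extractors are the part that grows as log types are added; the matching and whitelist logic stays in one place, which is what makes a single rule workable across many sources.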
Categories
- Identity Management
- Cloud
- Web
Data Sources
- Group
- User Account
- Application Log
ATT&CK Techniques
- T1078
Created: 2022-09-02