
Axonius External User Added

Panther Rules

Summary
The 'Axonius External User Added' detection rule flags the addition of external users in the Axonius platform. When an external user is added, Axonius logs an 'AuditAction.AddExternalUser' event under the 'AuditCategory.UserManagement' audit category, and the rule matches on that specific event. This gives visibility into potential unauthorized access incidents or compliance violations stemming from external user accounts being activated, and helps ensure that only authorized external users gain access to systems through Axonius. The rule is rated low severity: a match does not indicate an immediate threat, but it signals a potential risk that awareness can mitigate. When the rule triggers, the recommended action is to review and verify the authorization status of the new external user.
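The match and the follow-up review described above, sketched as an added example (not the Panther rule's own source). The field names `category`, `action`, `user` and `details.email`, and the approved-domain allowlist, are assumptions for illustration; the sample events are constructed.

```python
# Added example: field names and the allowlist are assumed, not taken from
# the Axonius audit schema. Check them against your real log format.
CATEGORY = "AuditCategory.UserManagement"
ACTION = "AuditAction.AddExternalUser"

# Hypothetical allowlist of external domains already approved for access.
APPROVED_EXTERNAL_DOMAINS = {"partner.example"}


def rule(event):
    """Match only the external-user-added audit event; missing fields never match."""
    return event.get("category") == CATEGORY and event.get("action") == ACTION


def new_user_email(event):
    """Normalise the new user's email; tolerate an absent or null details object."""
    details = event.get("details") or {}
    return str(details.get("email") or "").strip().lower()


def triage(event):
    """Return None for non-matching events, else an alert with a review verdict."""
    if not rule(event):
        return None
    email = new_user_email(event)
    domain = email.rpartition("@")[2] if "@" in email else ""
    approved = domain in APPROVED_EXTERNAL_DOMAINS
    return {
        "title": f"Axonius external user added: {email or '<unknown>'}",
        "severity": "LOW",  # severity stated on the rule page
        "added_by": event.get("user", "<unknown>"),
        "verdict": "approved-domain" if approved else "needs-review",
    }


# Constructed sample audit events (not real Axonius output).
SAMPLE_EVENTS = [
    {"category": CATEGORY, "action": ACTION, "user": "admin1",
     "details": {"email": "Alice@partner.example"}},
    {"category": CATEGORY, "action": ACTION, "user": "admin2",
     "details": {"email": "bob@unknown.example"}},
    {"category": CATEGORY, "action": "AuditAction.ConstructedOther"},  # other action
    {"category": "AuditCategory.ConstructedOther", "action": ACTION},  # other category
    {"category": CATEGORY, "action": ACTION, "details": None},  # no email recorded
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev))
```

An event with no recorded email still alerts and is marked `needs-review`, so a sparse log entry cannot bypass the authorization check.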
Categories
  • Cloud
  • Identity Management
  • Application
Data Sources
  • User Account
  • Application Log
Created: 2025-09-19