Zendesk Account Owner Changed

Panther Rules

Summary
This rule detects changes in the ownership of a Zendesk account, where only one admin can hold the role of account owner. It aims to ensure that any change to account ownership is legitimate and expected, in particular to prevent privilege escalation through an unauthorized change. The rule reads Zendesk's audit logs, which provide records of ownership changes. When an ownership change is detected, the system checks the actor's details and compares the previous and new owners. A log entry is generated when an expected ownership change occurs, aiding real-time oversight of account management. Reference materials are provided to help administrators understand and manage account ownership changes appropriately.
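The check described in the summary, as an added example rather than the Panther rule's own source. It assumes the Zendesk audit-log fields `action`, `source_type`, `actor_name` and `change_description`, and assumes an owner change is described as "Owner changed from X to Y"; the events are constructed samples.

```python
import re

# Assumed wording of change_description for an owner change (not taken from the page).
OWNER_CHANGE = re.compile(r"Owner changed from (?P<old>.+) to (?P<new>.+)", re.IGNORECASE)

# Constructed sample audit events; names and ids are illustrative only.
SAMPLE_EVENTS = [
    {"id": 1, "action": "update", "source_type": "account", "actor_name": "Alice Admin",
     "change_description": "Owner changed from Alice Admin to Bob Builder"},
    {"id": 2, "action": "update", "source_type": "account", "actor_name": "Mallory Agent",
     "change_description": "Owner changed from Bob Builder to Mallory Agent"},
    {"id": 3, "action": "update", "source_type": "user", "actor_name": "Alice Admin",
     "change_description": "Role changed from Agent to Administrator"},
    {"id": 4, "action": "login", "source_type": "user", "actor_name": "Bob Builder",
     "change_description": None},
]

def owner_change(event):
    """Return (old_owner, new_owner) for an account owner change, else None."""
    if event.get("action") != "update" or event.get("source_type") != "account":
        return None
    match = OWNER_CHANGE.search(event.get("change_description") or "")
    if match is None:
        return None
    return match.group("old").strip(), match.group("new").strip()

def triage(event):
    """Build an alert record that compares the actor with the old and new owner."""
    change = owner_change(event)
    if change is None:
        return None
    old_owner, new_owner = change
    actor = event.get("actor_name") or "<unknown actor>"
    return {
        "event_id": event.get("id"),
        "actor": actor,
        "old_owner": old_owner,
        "new_owner": new_owner,
        "actor_is_previous_owner": actor == old_owner,
        # An actor who makes themselves the owner deserves a closer look.
        "actor_is_new_owner": actor == new_owner,
    }

def alerts(events):
    """Return one alert record per owner-change event, in input order."""
    return [alert for alert in map(triage, events) if alert is not None]

if __name__ == "__main__":
    for alert in alerts(SAMPLE_EVENTS):
        print(alert)
```

The two flags give the responder the actor-versus-owner comparison up front, so an expected handover and a self-assigned ownership change are distinguishable at a glance.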
Categories
  • Cloud
  • Application
Data Sources
  • User Account
  • Application Log
  • Cloud Service
ATT&CK Techniques
  • T1078
Created: 2022-09-02