
Summary
The 'Zendesk.UserRoleChanged' detection rule monitors changes to user roles within the Zendesk platform. It focuses on updates that escalate or de-escalate user permissions, which can have significant implications for account security and data access. The rule is enabled and reads the 'Zendesk.Audit' log type to detect when a user's role has been changed. Alerts are generated at 'Info' severity: a role change does not by itself suggest malicious activity, but it is important for monitoring account privileges. Alerts for the same change are deduplicated within a 60-minute window. A reference link to Zendesk's support documentation provides administrative context, covering best practices for managing user roles and access. The tests defined for this rule cover a change from Administrator to End User and the expected outcome when roles are not altered. Together this gives visibility into user role changes and helps maintain oversight of user access and permissions within Zendesk.
Categories
- Cloud
- Web
- Identity Management
Data Sources
- User Account
- Application Log
Created: 2022-09-02
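
The behaviour described in the Summary, sketched as an added example that is not the rule's own source: the function names, the audit fields (`source_type`, `action`, `change_description`, `source_label`, `actor_name`, `created_at`) and the "Role changed from X to Y" wording are assumptions modelled on Zendesk audit log records, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

DEDUP_WINDOW = timedelta(minutes=60)  # dedup period stated in the Summary
# Assumed wording of the audit entry's change_description line.
ROLE_CHANGE = re.compile(r"^Role changed from (?P<old>.+?) to (?P<new>.+)$", re.I)

def role_change(event):
    """Return (old_role, new_role) for a user role change, else None."""
    if event.get("source_type") != "user" or event.get("action") != "update":
        return None
    for line in (event.get("change_description") or "").splitlines():
        m = ROLE_CHANGE.match(line.strip())
        if m and m["old"].lower() != m["new"].lower():
            return m["old"], m["new"]
    return None

def run(events):
    """Emit Info alerts; repeats of the same change within 60 minutes are dropped."""
    window_start, alerts = {}, []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["created_at"])):
        change = role_change(ev)
        if change is None:
            continue
        key = (ev.get("source_label"), *change)  # same user, same transition
        ts = datetime.fromisoformat(ev["created_at"])
        if key in window_start and ts - window_start[key] < DEDUP_WINDOW:
            continue
        window_start[key] = ts
        alerts.append({"severity": "Info", "user": ev.get("source_label"),
                       "old": change[0], "new": change[1],
                       "actor": ev.get("actor_name"), "time": ev["created_at"]})
    return alerts

def _ev(minute_offset, desc, source_type="user"):
    """Build a constructed audit event (not real Zendesk data)."""
    ts = datetime(2022, 9, 2, 10, 0) + timedelta(minutes=minute_offset)
    return {"source_type": source_type, "action": "update",
            "source_label": "Example User", "actor_name": "Example Admin",
            "change_description": desc, "created_at": ts.isoformat()}

SAMPLE = [
    _ev(0, "Role changed from Administrator to End User"),   # alert
    _ev(30, "Role changed from Administrator to End User"),  # inside window
    _ev(65, "Role changed from Administrator to End User"),  # new window, alert
    _ev(70, "Name changed from Example User to Example U."),  # role not altered
    _ev(75, "Role changed from Agent to Administrator", source_type="rule"),
]

if __name__ == "__main__":
    for alert in run(SAMPLE):
        print(alert)
```
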