ZIA Additional Cloud Roles

Panther Rules

Summary
The rule "ZIA Additional Cloud Roles" monitors account changes in Zscaler's role management system, focusing specifically on the creation of new cloud roles. Detecting unauthorized or unexpected role changes matters because they can lead to security breaches or unauthorized access to sensitive information. The rule reads the ZIA Admin Audit Log and triggers when a new role is created. Its detection logic differentiates between user-management and role-management actions and assesses whether a role creation was intended or unauthorized. The rule includes a runbook that suggests verifying the change immediately and reverting it if it was not planned. Alerting on and tracking these changes helps prevent misuse and strengthens role-based access control within the organization, improving the overall security posture.
Categories
  • Cloud
  • Network
Data Sources
  • User Account
  • Application Log
  • Logon Session
ATT&CK Techniques
  • T1098.003
Created: 2024-11-06