This use case helps you discover new admin account activity: activity from admin accounts that appear in the current results but were not seen historically. Validate any new accounts in the results and investigate them for suspicious activity. Please note that this use case is very noisy, and it is recommended to tune it regularly.
MITRE ATT&CK Tactics
Approved operational change(s)
1. Review identified AD account and validate if this change is a permitted action within your organization.
2. Investigate other activities within your network from the same originator.
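
The baseline comparison and the two review steps above, as an added example that is not part of the original use case. The event fields, account names, addresses, window lengths and the `approved` allowlist (used here for tuning out permitted changes) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, admin account, originator.
EVENTS = [
    {"time": "2024-05-01T09:00:00", "account": "adm-alice", "originator": "10.0.0.5"},
    {"time": "2024-05-10T14:30:00", "account": "adm-bob", "originator": "10.0.0.7"},
    {"time": "2024-05-29T08:15:00", "account": "adm-alice", "originator": "10.0.0.5"},
    {"time": "2024-05-29T23:40:00", "account": "adm-temp01", "originator": "10.0.0.99"},
    {"time": "2024-05-30T01:05:00", "account": "ADM-Temp01", "originator": "10.0.0.99"},
    {"time": "2024-05-30T02:00:00", "account": "adm-svc-backup", "originator": "10.0.0.20"},
    {"time": "2024-05-30T02:10:00", "account": "adm-bob", "originator": "10.0.0.99"},
]

def new_admin_activity(events, now, recent=timedelta(days=1),
                       lookback=timedelta(days=30), approved=()):
    """Return {account: summary} for admin accounts active in the recent
    window that are in neither the historical baseline nor the allowlist."""
    recent_start = now - recent
    baseline_start = recent_start - lookback
    approved = {a.lower() for a in approved}
    baseline, hits = set(), defaultdict(list)
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        account = ev["account"].lower()  # AD account names are case-insensitive
        if baseline_start <= ts < recent_start:
            baseline.add(account)
        elif recent_start <= ts <= now:
            hits[account].append((ts, ev["originator"]))
    findings = {}
    for account, seen in hits.items():
        if account in baseline or account in approved:
            continue  # seen historically, or a permitted change
        findings[account] = {
            "first_seen": min(t for t, _ in seen),
            "event_count": len(seen),
            "originators": sorted({o for _, o in seen}),
        }
    return findings

def originator_activity(events, originator):
    """All accounts used from one originator, for the follow-up review."""
    return sorted({ev["account"].lower() for ev in events
                   if ev["originator"] == originator})
```
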