I want to create a triggered alert for when an inactive user suddenly becomes active. Ideally, it would be used for a multitude of applications (i.e., AD or Microsoft 365). I've searched around and couldn't find anything pertinent to this. If anyone has anything like this setup already please feel free to chime in! My first guess would be to create a lookup to get things started? Any sort of guidance would be greatly appreciated!
https://www.splunksecurityessentials.com/
check this.