Service accounts are a necessary evil in every company of any size. They are mostly unpersonalized, shared, and privileged, with non-expiring passwords. This is a big challenge for compliance. You can't just prohibit the use of service accounts, disable them, or ignore the problem. The first step toward improving the situation is to start tracking service account usage. You already have all the information you need for that in your SIEM. You just need to download and install the "Service Accounts Tracker" Use Case, which processes this information and visualizes it in a simple and actionable way.
Here is how it looks:
More information: https://my.socprime.com/en/integrations/service-accounts-tracker-kibana