Alert: Database changes detected without reason (?)

Howdy,
I’m running a WordPress network with several subsites and NinjaFirwall WP edition (sites are not public, put in maintenance mode by WPMaintenance).

WordPress: 6.4.2, couple of standard plugins for backup, classic editing, local google fonts etc. WP code for markup cleanup and CSP upgrades.

NinjaFirewall (WP Edition) 4.5.10 ~ Security rules 2024-01-26.1

MariaDB 10.6, PHP 8.1/8.2

Recently I’m getting lots of alerts that say that “that one or more administrator accounts were modified in the database – If you cannot see any modifications in the above fields, it is possible that the administrator password was changed.” – it seems to be one mail per subsite. However, there did not seem to occur any changes, e.g. password changes etc. I have only 3 (super) users that are under my control 😉

Of course these messages should be related to the default notification option “an administrator account is created, modified or deleted in the database”. I checked phpMyAdmin, however the table does not have a change date column.

If these messages are false positives, they really seem to jeopardize the reason for notifications, because it’s easy to overlook *real* threats with the flooding of those. If they are valid warnings: how to check what’s going on here?

Thanks for advise!