You're on the right track with your thinking, so it's details. The default rule is correlating off the [Auditable Group Events] Event Group, so you'll want to use the same Event Group for the SourceAccount field.
I think something like this would work:
