First I would tell you that UserEnable and UserDisable are distinct Events in Solarwinds. So you would create your rule with these events. Then when you narrow down your filter you must make sure that you use the DestinationAccount field to filter by user , of course unless you are more interested in who performed the changes (SourceAccount then). I am assuming that you are auditing a DC? When you use your regular expression you can just use *fire* and this will be sufficient. Another cool thing you could do is create a custom list of regular expression for particular users under Build -> Groups and use this to look for a number of different patterns.
Hope this helps,
"was blind and now I SIEM"
There's no automagic way to go search to rule (or filter to rule), only filter to search. I think it might be a suggestion in the feature request area, though.
Easiest thing to do is side by side and recreate your filter/search in rules.