Source Code Enumeration Detection by Keyword

Sigma Rules

Summary
This detection rule flags possible source code disclosure attempts by looking for HTTP GET requests whose URL contains a specific keyword. It searches the queried URLs for the keyword '.git/' to detect attempts to enumerate source code repositories that may be unintentionally exposed on web servers. Malicious users often perform this kind of enumeration to gain unauthorized access to source code, which can lead to further exploitation of the system. The rule relies on web server logs to monitor traffic and pinpoint requests that may indicate source code exposure. The referenced resources outline real-world examples of this type of exploitation, highlighting the importance of securing web applications against such enumeration attacks. Response measures and mitigation strategies should be developed to address any flagged incidents.
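An added example (not the Sigma rule itself and not code from the rule's authors): the keyword match described above, applied in Python to constructed access-log lines. It goes beyond the plain keyword by percent-decoding and lowercasing the URL first; the Common Log Format layout, the `find_git_requests` name and the status-based `severity` field are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Assumed layout (Common Log Format): host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
KEYWORD = ".git/"  # the keyword named in the rule summary

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jun/2019:10:01:12 +0000] "GET /.git/HEAD HTTP/1.1" 200 23
203.0.113.7 - - [08/Jun/2019:10:01:13 +0000] "GET /.git/config HTTP/1.1" 404 153
198.51.100.4 - - [08/Jun/2019:10:02:40 +0000] "GET /docs/git/intro.html HTTP/1.1" 200 5120
198.51.100.9 - - [08/Jun/2019:10:03:02 +0000] "GET /app/%2Egit%2Findex HTTP/1.1" 200 4096
192.0.2.15 - - [08/Jun/2019:10:04:55 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.15 - - [08/Jun/2019:10:05:01 +0000] "GET /blog/why.github.io HTTP/1.1" 200 900
"""

def find_git_requests(log_text):
    """Return one finding per GET request whose decoded URL contains '.git/'."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        # Decode percent-escapes so '%2Egit%2F' is matched like '.git/'.
        decoded = unquote(m["target"]).lower()
        if KEYWORD not in decoded:
            continue
        status = int(m["status"])
        findings.append({
            "src": m["src"],
            "url": m["target"],
            "status": status,
            # Triage assumption: a 2xx answer suggests repository data was served.
            "severity": "high" if 200 <= status < 300 else "low",
        })
    return findings

if __name__ == "__main__":
    for finding in find_git_requests(SAMPLE_LOG):
        print(finding)
```

A match with a 2xx status is the case to check first, since it suggests the server actually returned repository content rather than rejecting the request.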
Categories
  • Web
  • Application
  • Infrastructure
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2019-06-08