
Summary
This detection rule identifies requests made to SNMP (Simple Network Management Protocol) services running on OpenCanary nodes. Specifically, it monitors traffic for OID (Object Identifier) requests that indicate potential exploration or exploitation attempts against networked devices. Because SNMP exists to manage network devices, unauthorized OID requests can signify reconnaissance activity, which is why tracking such events matters. The rule uses logs generated by OpenCanary's SNMP service, specifically log messages categorized under log type 13001. The severity is marked as high because such requests may indicate malicious intent. The detection raises alerts for events that match the specified criteria, offering a proactive defense mechanism in environments monitored by OpenCanary.
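As an added illustration of the detection described above (not part of the original rule), the following script scans OpenCanary's JSON-per-line application log for log type 13001 and emits a high-severity alert for each match. The sample log lines are constructed, and the field names other than logtype (src_host, dst_port, node_id, logdata.REQUESTS, logdata.COMMUNITY_STRING) are assumed from OpenCanary's log format.

```python
import json

# Log type named on the page for OpenCanary SNMP OID requests.
SNMP_OID_REQUEST_LOGTYPE = 13001

# Constructed sample log, modelled on OpenCanary's one-JSON-object-per-line output.
# Addresses, OIDs and community strings are made up; one line is deliberately
# malformed to show that a bad line does not stop the scan.
SAMPLE_LOG = """\
{"logtype": 13001, "src_host": "10.0.0.25", "src_port": 51234, "dst_host": "10.0.0.5", "dst_port": 161, "node_id": "canary-1", "logdata": {"COMMUNITY_STRING": "public", "REQUESTS": "1.3.6.1.2.1.1.1.0"}}
{"logtype": 4002, "src_host": "10.0.0.25", "src_port": 51235, "dst_host": "10.0.0.5", "dst_port": 22, "node_id": "canary-1", "logdata": {"USERNAME": "root", "PASSWORD": "toor"}}
this line is not JSON and should be skipped
{"logtype": 13001, "src_host": "10.0.0.77", "src_port": 40001, "dst_host": "10.0.0.5", "dst_port": 161, "node_id": "canary-1", "logdata": {"COMMUNITY_STRING": "private", "REQUESTS": "1.3.6.1.2.1.1.5.0"}}
"""


def parse_events(log_text):
    """Yield one dict per well-formed JSON line; silently skip malformed lines."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def detect_snmp_oid_requests(log_text):
    """Return a high-severity alert for every event whose logtype is 13001."""
    alerts = []
    for event in parse_events(log_text):
        if event.get("logtype") != SNMP_OID_REQUEST_LOGTYPE:
            continue
        logdata = event.get("logdata", {})
        alerts.append({
            "severity": "high",
            "rule": "OpenCanary SNMP OID request",
            "node_id": event.get("node_id"),
            "src_host": event.get("src_host"),
            "dst_port": event.get("dst_port"),
            "community": logdata.get("COMMUNITY_STRING"),
            "oid": logdata.get("REQUESTS"),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_snmp_oid_requests(SAMPLE_LOG):
        print(json.dumps(alert))
```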
Categories
- Network
- Cloud
- Infrastructure
Data Sources
- Application Log
Created: 2024-03-08