
Confluence Data Center and Server Privilege Escalation

Splunk Security Content

Summary
This detection looks for attempts to exploit two known vulnerabilities in Atlassian Confluence Data Center and Server, CVE-2023-22515 and CVE-2023-22518. It searches the Splunk Web data model (populated here from Nginx access logs) for HTTP requests that were answered with status 200 and whose URL matches Confluence setup-related paths, specifically the setup-administrator and setup-restore actions. On an instance that has completed initial installation, these endpoints should only be reached by an administrator during a deliberate installation or restore, so a 200 response to them from anyone else indicates the setup flow has been re-entered, which is the route by which an attacker creates an account with administrative privileges. Because a legitimate installation or restore produces the same requests, filter the search by destination IP address (for example, exclude hosts that are known to be in initial setup) to reduce false positives, and confirm any hit against Confluence's own logs and recent user or group changes. A successful exploit gives the attacker administrative control of the instance, with the corresponding confidentiality and integrity impact.
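The detection logic described above, run over a few constructed Nginx access-log lines, as an added example that is not the Splunk search itself or any code from Splunk Security Content. It assumes a log format of nginx "combined" plus a trailing `$server_addr` field so the destination address is available for the tuning filter (the Web data model exposes this as `Web.dest`), and it assumes the concrete setup-path regexes, which the page only describes as "setup administration and restoration" URL patterns. The sample log lines, IP addresses and user agents are all made up.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import unquote, urlsplit

# Constructed log format for this example: nginx "combined" with $server_addr
# appended as a final field (assumption; in Splunk's Web data model the
# destination is the Web.dest field).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
    r'(?: (?P<dest>\S+))?$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Setup-wizard and setup-restore action paths.  These regexes are assumptions
# for the example; they are applied to the percent-decoded path with the query
# string removed, so encoded variants such as %2E for "." are not missed.
SETUP_PATTERNS = (
    re.compile(r"/setup/[^/]+\.action$", re.I),
    re.compile(r"/json/setup-restore\.action$", re.I),
)


@dataclass(frozen=True)
class Hit:
    time: datetime
    src: str
    dest: str
    method: str
    path: str
    status: int
    user_agent: str


def parse(line: str):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def normalized_path(uri: str) -> str:
    """Drop the query string and percent-decode the path before matching."""
    return unquote(urlsplit(uri).path)


def is_setup_url(uri: str) -> bool:
    path = normalized_path(uri)
    return any(p.search(path) for p in SETUP_PATTERNS)


def detect(lines, allowed_dests=frozenset()):
    """Return setup-endpoint requests answered with 200, skipping destinations
    that are known to be legitimately in setup or restore (the tuning list)."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None or int(rec["status"]) != 200:
            continue
        if not is_setup_url(rec["uri"]):
            continue
        dest = rec["dest"] or "-"
        if dest in allowed_dests:
            continue
        hits.append(Hit(
            time=datetime.strptime(rec["time"], TIME_FMT),
            src=rec["src"], dest=dest, method=rec["method"],
            path=normalized_path(rec["uri"]), status=int(rec["status"]),
            user_agent=rec["ua"],
        ))
    return hits


def summarize(hits):
    """Aggregate hits per (src, dest): count plus first and last time seen."""
    out = {}
    for h in hits:
        s = out.setdefault((h.src, h.dest), {"count": 0, "first": h.time, "last": h.time})
        s["count"] += 1
        s["first"] = min(s["first"], h.time)
        s["last"] = max(s["last"], h.time)
    return out


# Constructed sample traffic (not real logs).  192.0.2.20 is a production
# instance; 192.0.2.99 is a host that is legitimately being rebuilt.
LOG_LINES = [
    '203.0.113.10 - - [15/Nov/2024:10:00:01 +0000] "GET /wiki/spaces/ENG/overview HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 192.0.2.20',
    '198.51.100.7 - - [15/Nov/2024:10:00:05 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 812 "-" "python-requests/2.31" 192.0.2.20',
    '198.51.100.7 - - [15/Nov/2024:10:00:06 +0000] "GET /setup/setupadministrator%2Eaction?x=1 HTTP/1.1" 200 812 "-" "curl/8.4.0" 192.0.2.20',
    '198.51.100.7 - - [15/Nov/2024:10:00:09 +0000] "POST /json/setup-restore.action HTTP/1.1" 403 0 "-" "curl/8.4.0" 192.0.2.20',
    '10.0.0.5 - admin [15/Nov/2024:10:01:00 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 44 "-" "Mozilla/5.0" 192.0.2.99',
    '198.51.100.7 - - [15/Nov/2024:10:02:00 +0000] "POST /json/setup-restore.action HTTP/1.1" 200 44 "-" "curl/8.4.0" 192.0.2.20',
]

if __name__ == "__main__":
    hits = detect(LOG_LINES, allowed_dests={"192.0.2.99"})
    for h in hits:
        print(f"{h.time:%Y-%m-%dT%H:%M:%S} {h.src} -> {h.dest} {h.method} {h.path} {h.status} {h.user_agent}")
    for (src, dest), s in summarize(hits).items():
        print(f"{src} -> {dest}: {s['count']} hits, first {s['first']:%H:%M:%S}, last {s['last']:%H:%M:%S}")
```

The 403 against the restore endpoint is deliberately not flagged, mirroring the page's status-200 condition; if you want to see probing as well as success, drop that check and key the summary on status. The allow-list on destination is the tuning knob the page recommends, and a hit on a production destination should still be corroborated against Confluence's own audit and user-management logs before it is treated as confirmed exploitation.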
Categories
  • Web
  • Application
  • Cloud
Data Sources
  • Named Pipe
  • Network Traffic
  • Web Credential
  • Application Log
ATT&CK Techniques
  • T1190
Created: 2024-11-15