
Confluence Unauthenticated Remote Code Execution CVE-2022-26134

Splunk Security Content

Summary
This detection rule targets CVE-2022-26134, a critical unauthenticated remote code execution vulnerability in Atlassian Confluence Server and Data Center. The flaw is an OGNL injection: an unauthenticated attacker who can reach the Confluence web front end can place an OGNL expression in the request URL and have the server evaluate it, which allows arbitrary code execution in the context of the Confluence process and poses severe risks including unauthorized access and data exfiltration. The analytic uses the Splunk Web datamodel to surface URL patterns and logged parameters indicative of exploitation attempts, such as URLs that contain an expression delimiter together with references to the Java runtime and the commands handed to it. By analyzing web logs, the rule aims to surface attempts to exploit this vulnerability. Organizations running Confluence should treat a match as a likely intrusion attempt, since successful exploitation gives the attacker a foothold for deeper network intrusion, and should investigate and remediate immediately upon detection.
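The following is an added example, not the Splunk search from this rule, showing the detection idea described above as stand-alone Python run over a few constructed access-log lines: parse the request URL out of each line, URL-decode it, and flag requests that carry an OGNL expression delimiter together with a reference to the Java runtime. The log lines, IP addresses and payload shape are constructed for illustration; the field names and helper functions are this example's own.

```python
"""Toy web-log scan for CVE-2022-26134-style exploitation attempts.

Added example: mirrors the idea of the analytic described above (search web
logs for URLs referencing the Java runtime) in plain Python. It is not the
Splunk search itself. All log lines below are constructed sample data.
"""
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined format. Lines 2-4 carry an
# OGNL-style payload: plain, URL-encoded, and double-URL-encoded. Encoded
# forms are how such requests commonly appear in real logs.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jun/2022:10:12:01 +0000] "GET /login.action HTTP/1.1" 200 5123
10.0.0.9 - - [03/Jun/2022:10:12:07 +0000] "GET /${@java.lang.Runtime@getRuntime().exec("id")}/ HTTP/1.1" 302 0
10.0.0.9 - - [03/Jun/2022:10:12:09 +0000] "GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29%7D/ HTTP/1.1" 302 0
10.0.0.9 - - [03/Jun/2022:10:12:11 +0000] "GET /%2524%257B%2540java.lang.Runtime%2540getRuntime%2528%2529.exec%2528%2522id%2522%2529%257D/ HTTP/1.1" 302 0
10.0.0.7 - - [03/Jun/2022:10:13:44 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 9312
"""

# Non-greedy URL capture terminated by the protocol token, so a payload that
# itself contains quotes does not break the parse.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>.*?) HTTP/[\d.]+"')

# Runtime references to look for once the URL is decoded (lower-cased).
RUNTIME_MARKERS = ("java.lang.runtime", "getruntime", ".exec(")


def decode_url(url: str) -> str:
    """URL-decode until the string stops changing, then lower-case it.

    Repeating the decode catches double-encoded payloads (%2524 -> %24 -> $).
    """
    prev = None
    while prev != url:
        prev, url = url, unquote(url)
    return url.lower()


def is_suspicious(url: str) -> bool:
    """True when the decoded URL has an OGNL delimiter and a runtime marker."""
    decoded = decode_url(url)
    return "${" in decoded and any(m in decoded for m in RUNTIME_MARKERS)


def scan(log_text: str) -> list[dict]:
    """Return one record per suspicious request line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match or not is_suspicious(match["url"]):
            continue
        hits.append({
            "line": lineno,
            "src": line.split()[0],
            "method": match["method"],
            "url": match["url"],
            "decoded": decode_url(match["url"]),
        })
    return hits


def literal_dollar_brace_hits(log_text: str) -> int:
    """Count lines matching a literal '${' with no decoding.

    Shown for comparison: the delimiter is exactly what gets percent-encoded,
    so a raw-string search misses the encoded attempts.
    """
    return sum(1 for line in log_text.splitlines() if "${" in line)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line']} {hit['src']} {hit['method']} {hit['decoded']}")
    print("raw '${' matches:", literal_dollar_brace_hits(SAMPLE_LOG))
```

The comparison function makes the practical point: of the three constructed exploit lines, only the plain one contains a literal `${`, so whatever search language is used, the URL should be normalized (in SPL, for example, with the `urldecode()` eval function, applied more than once if double encoding is a concern) before matching on the delimiter. Matching on the runtime class name alone is weaker, since a benign URL can mention `java` without carrying an expression.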
Categories
  • Web
Data Sources
  • Pod
  • Container
  • User Account
  • Network Traffic
ATT&CK Techniques
  • T1505 (Server Software Component)
  • T1190 (Exploit Public-Facing Application)
  • T1133 (External Remote Services)
Created: 2024-11-15