
Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527

Splunk Security Content

Summary
This detection rule targets a critical pre-authentication remote code execution (RCE) vulnerability, CVE-2023-22527, in unpatched versions of Atlassian Confluence Data Center and Server. The rule identifies exploitation attempts that abuse template injection to evaluate attacker-supplied OGNL (Object-Graph Navigation Language) expressions through the vulnerable '/template/aui/text-inline.vm' endpoint. It focuses on POST requests to that endpoint which return HTTP status 200 or 202, since a successful response to such a request may indicate that the injected expression was evaluated. A 200 or 202 alone does not prove code execution: the endpoint answers ordinary GET requests with 200 as well, so matches should be triaged against the request body, the source address, and any follow-on activity on the host. If attackers successfully exploit this vulnerability, they can execute arbitrary code remotely, potentially leading to full control over the Confluence instance, data breaches, and further network intrusion. This rule aids in the quick detection of such exploitation attempts, allowing organizations to take immediate action to patch affected systems and mitigate the associated risk.
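The detection logic described above, reproduced as an added Python example rather than the Splunk rule's own search: it parses a handful of constructed Combined Log Format access-log lines (not real traffic) and flags POST requests whose path contains '/template/aui/text-inline.vm' and whose response status is 200 or 202. The path is matched as a substring so that a Confluence deployed under a context path such as '/confluence' is still caught; the log format, field names and sample addresses are assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample access-log lines (Combined Log Format); not real traffic.
# Line 2 shows a deployment under a context path, line 3 a benign GET to the
# same endpoint, line 4 a blocked POST, line 5 an unrelated POST, line 6 junk.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Nov/2024:10:01:02 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [15/Nov/2024:10:01:05 +0000] "POST /confluence/template/aui/text-inline.vm HTTP/1.1" 202 0 "-" "curl/8.4.0"
198.51.100.7 - - [15/Nov/2024:10:02:00 +0000] "GET /template/aui/text-inline.vm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Nov/2024:10:02:30 +0000] "POST /template/aui/text-inline.vm HTTP/1.1" 403 0 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Nov/2024:10:03:00 +0000] "POST /login.action HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
this line is not a valid access-log record
"""

# Combined Log Format: src ident user [ts] "METHOD url proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

VULN_PATH = "/template/aui/text-inline.vm"   # endpoint named by CVE-2023-22527
SUCCESS_STATUSES = {200, 202}                 # statuses the rule treats as "may have worked"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    # Strip any query string so matching is done on the path component only.
    event["path"] = urlsplit(event["url"]).path
    return event


def is_exploit_attempt(event):
    """Mirror the rule: POST to the vulnerable template with a 200/202 response."""
    return (
        event["method"] == "POST"
        and VULN_PATH in event["path"]
        and event["status"] in SUCCESS_STATUSES
    )


def detect(log_text):
    """Return the parsed events that match the detection, skipping unparseable lines."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is not None and is_exploit_attempt(event):
            hits.append(event)
    return hits


def summarize(events):
    """Count matching requests per source address for triage."""
    return Counter(e["src"] for e in events)


if __name__ == "__main__":
    matches = detect(SAMPLE_LOG)
    for e in matches:
        print(f'{e["ts"]} {e["src"]} POST {e["path"]} -> {e["status"]} ({e["ua"]})')
    print("per-source:", dict(summarize(matches)))
```

Run against the sample, only the two requests from 203.0.113.10 are reported; the GET, the 403 and the unrelated POST are not. Whether the two hits were actual exploitation still has to be confirmed from the request body or the host, as the rule's summary notes.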
Categories
  • Web
Data Sources
  • Web Credential
ATT&CK Techniques
  • T1190
Created: 2024-11-15