
Summary
This detection rule identifies potential remote code execution (RCE) attempts targeting F5 BIG-IP, BIG-IQ, and Traffix SDC devices, specifically exploitation of CVE-2020-5902. The rule uses regex pattern matching to inspect syslog data for specific exploit strings, including 'hsqldb;' and the directory traversal pattern '..;'. Successful exploitation of this vulnerability is a significant threat, as it could allow attackers to execute arbitrary commands, leading to full system compromise, unauthorized access, and potential data breaches. To improve detection efficacy, ensure device logs are ingested via syslog and decrypt SSL traffic on management interfaces for greater visibility into potentially malicious activity. This analytic is marked as experimental and is important for organizations using F5 products to protect against known exploit techniques.
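The following is an added illustration of the matching logic described above, not the rule's own search or any code from the rule's authors. It runs the two indicators the summary names ('hsqldb;' and '..;') over a handful of constructed syslog lines; the device names, addresses, and request paths in the sample lines are placeholders. Percent-decoding each line before matching is an assumption added here so that an encoded form of the traversal token is not missed; the rule summary itself describes matching on the raw text.

```python
import re
from urllib.parse import unquote

# Indicators named in the rule summary. The literal token "hsqldb;" is matched
# case-insensitively; the traversal token "..;" is matched literally.
INDICATORS = {
    "hsqldb": re.compile(r"hsqldb;", re.IGNORECASE),
    "dot_dot_semicolon": re.compile(r"\.\.;"),
}

# Constructed sample syslog lines (not real device output). Hostnames, client
# addresses (RFC 5737 documentation ranges) and request paths are placeholders.
SAMPLE_LOGS = [
    '<134>Jul  5 10:12:01 bigip-example tmm[1234]: 203.0.113.5 - - "GET /example/..;/some/path HTTP/1.1" 200',
    '<134>Jul  5 10:12:03 bigip-example tmm[1234]: 203.0.113.5 - - "GET /example/hsqldb;/more HTTP/1.1" 200',
    '<134>Jul  5 10:12:05 bigip-example tmm[1234]: 198.51.100.7 - - "GET /index.html HTTP/1.1" 200',
    '<134>Jul  5 10:12:09 bigip-example tmm[1234]: 203.0.113.5 - - "GET /example/%2e%2e;/other HTTP/1.1" 200',
]


def normalise(line):
    """Percent-decode the line so an encoded traversal (e.g. %2e%2e;) still
    matches. This normalisation step is an assumption added in this example."""
    return unquote(line)


def scan_line(line):
    """Return the names of every indicator found in one (normalised) log line."""
    decoded = normalise(line)
    return [name for name, pattern in INDICATORS.items() if pattern.search(decoded)]


def detect(lines):
    """Scan an iterable of syslog lines and return one hit record per matching
    line: its 1-based position, the indicators that fired, and the raw text."""
    hits = []
    for number, line in enumerate(lines, start=1):
        names = scan_line(line)
        if names:
            hits.append({"line_no": number, "indicators": names, "raw": line})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOGS):
        print(f"line {hit['line_no']}: {', '.join(hit['indicators'])}")
        print(f"  {hit['raw']}")
```

Run against the constructed sample, lines 1, 2 and 4 are flagged and the benign request on line 3 is not; the fourth line is caught only because of the decoding step, which is the kind of normalisation worth confirming in the real ingestion pipeline before relying on a literal-string search.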
Categories
- Network
Data Sources
ATT&CK Techniques
- T1190
Created: 2024-11-15