This rule is designed to detect attempts to exploit the CVE-2024-28995 vulnerability found in Solarwinds Serv-U products (FTP Server, Gateway, and MFT Server, all version 15.4). The vulnerability allows for directory traversal, which could permit an attacker to access sensitive files on the host machine via malformed HTTP requests. The detection logic utilizes a SQL query against Cloudflare's Web Application Firewall (WAF) logs to identify potentially malicious HTTP GET requests that attempt to traverse directories by manipulating the request URI. The rule employs regular expressions to identify known patterns associated with directory traversal such as encoded sequences and common directory structures. The detection specifically aims to filter events to reduce noise, suggesting that alerts should focus on successful attempts represented by status code 200. This rule can assist in identifying and mitigating risks related to unauthorized file access due to directory traversal vulnerabilities in web applications.