
Summary
This detection rule identifies potential exploitation attempts against CVE-2022-22965, known as Spring4Shell. It looks for HTTP GET requests to web servers whose URL contains indicators of command execution through a JSP page, specifically the substrings '.jsp?cmd=' and 'j&cmd='. Because this vulnerability can lead to unauthorized command execution and webshell deployment, a confirmed request of this kind indicates malicious activity that could allow an attacker to gain control of the server, execute arbitrary commands and escalate the attack, potentially leading to a significant data breach. The analytic works by querying Nginx access logs that have been ingested into Splunk's Web datamodel, so that organizations can monitor web traffic for these specific malicious request patterns.
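The following is an added example, not the rule's own Splunk search: it applies the two URL indicators from the summary to Nginx access-log lines outside Splunk. It assumes the default Nginx 'combined' log format; the log lines, addresses and paths below are constructed placeholders.

```python
"""Added example: Spring4Shell URL indicators applied to Nginx access logs.
Assumes the default Nginx 'combined' format; sample lines are constructed."""
import re
from urllib.parse import unquote

# Fields of the default Nginx "combined" log format (request line split up).
NGINX_COMBINED = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# URL indicators named in the rule summary, compared case-insensitively.
INDICATORS = (".jsp?cmd=", "j&cmd=")


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = NGINX_COMBINED.match(line)
    return m.groupdict() if m else None


def is_spring4shell_request(entry):
    """True when a GET request's URI carries one of the rule's indicators.
    The URI is percent-decoded first so encoded '?', '&' or '=' are seen
    in the same form as the literal indicators."""
    if entry is None or entry["method"] != "GET":
        return False
    uri = unquote(entry["uri"]).lower()
    return any(ind in uri for ind in INDICATORS)


def scan(lines):
    """Return (src, raw uri, status) for every line the detection matches."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if is_spring4shell_request(entry):
            hits.append((entry["src"], entry["uri"], entry["status"]))
    return hits


# Constructed sample log lines (placeholder addresses, hosts and paths).
SAMPLE_LOG = [
    '203.0.113.10 - - [15/Nov/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [15/Nov/2024:10:01:05 +0000] "GET /app/view.jsp?cmd=whoami HTTP/1.1" 200 74 "-" "curl/7.80"',
    '203.0.113.21 - - [15/Nov/2024:10:01:07 +0000] "GET /app/view.jsp?pwd=j&cmd=hostname HTTP/1.1" 200 90 "-" "curl/7.80"',
    '203.0.113.22 - - [15/Nov/2024:10:01:09 +0000] "GET /app/help.jsp?cmd%3Dls HTTP/1.1" 404 0 "-" "curl/7.80"',
    '203.0.113.30 - - [15/Nov/2024:10:01:11 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]
```

Running scan(SAMPLE_LOG) flags the second, third and fourth lines; the POST request is ignored because the rule is scoped to GET requests, and the 404 shows that a match does not depend on the request having succeeded.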
Categories
- Web
- Network
- Cloud
Data Sources
- Network Traffic
- Web Credential
ATT&CK Techniques
- T1505.003
- T1505
- T1190
- T1133
Created: 2024-11-15