
CVE-2024-4323 - Monitoring Vulnerable API Trace Endpoints

Anvilogic Forge

Summary
This detection rule monitors requests to the API trace endpoints `/api/v1/trace` and `/api/v1/traces`, which are the paths affected by CVE-2024-4323, a memory corruption vulnerability in Fluent Bit that can be triggered by malicious requests to these endpoints. By watching these paths for the GET and POST methods, the rule aims to identify potential exploitation attempts in near real time. The underlying SQL query retrieves the last two hours of Cloudflare Web Application Firewall (WAF) logs and returns any request matching the pattern. Matches can raise alerts so that incident response begins promptly, before an attempt succeeds. Monitoring of this kind is important for any deployment in which the Fluent Bit monitoring API is reachable over the network.
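The page describes the rule as a SQL query over Cloudflare WAF logs but does not show it. The following is an added Python equivalent of that detection logic, not Anvilogic's own rule, run over a handful of constructed log records: it keeps requests from the last two hours whose method is GET or POST and whose path (after stripping any query string and trailing slash) is `/api/v1/trace` or `/api/v1/traces`. The field names `ClientIP`, `ClientRequestMethod`, `ClientRequestURI` and `EdgeStartTimestamp` are assumed to match the Cloudflare HTTP request log schema, and the ISO-8601 timestamp format is an assumption of this example.

```python
from datetime import datetime, timedelta, timezone

# Endpoints and methods named by the rule.
WATCHED_PATHS = {"/api/v1/trace", "/api/v1/traces"}
WATCHED_METHODS = {"GET", "POST"}
LOOKBACK = timedelta(hours=2)


def normalize_path(uri):
    """Drop the query string and a trailing slash so '/api/v1/traces/?x=1'
    compares equal to '/api/v1/traces'. Path case is left as-is."""
    path = uri.split("?", 1)[0]
    if len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path


def in_lookback(timestamp_iso, now):
    """True if the record's timestamp falls within the two-hour window ending at `now`."""
    ts = datetime.fromisoformat(timestamp_iso)
    if ts.tzinfo is None:                      # assume UTC when the log omits an offset
        ts = ts.replace(tzinfo=timezone.utc)
    return now - LOOKBACK <= ts <= now


def is_trace_endpoint_request(record, now):
    """The rule's match condition for a single WAF log record."""
    return (
        in_lookback(record["EdgeStartTimestamp"], now)
        and record["ClientRequestMethod"].upper() in WATCHED_METHODS
        and normalize_path(record["ClientRequestURI"]) in WATCHED_PATHS
    )


def find_trace_endpoint_requests(records, now=None):
    """Return the matching records, oldest first, ready to be turned into an alert."""
    now = now or datetime.now(timezone.utc)
    hits = [r for r in records if is_trace_endpoint_request(r, now)]
    return sorted(hits, key=lambda r: r["EdgeStartTimestamp"])


# Constructed sample records (not real traffic); field names are assumed, see lead-in.
NOW = datetime(2024, 2, 9, 12, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"ClientIP": "203.0.113.10", "ClientRequestMethod": "POST",
     "ClientRequestURI": "/api/v1/traces", "EdgeStartTimestamp": "2024-02-09T11:30:00+00:00"},
    {"ClientIP": "203.0.113.11", "ClientRequestMethod": "GET",
     "ClientRequestURI": "/api/v1/trace?foo=1", "EdgeStartTimestamp": "2024-02-09T10:15:00+00:00"},
    {"ClientIP": "203.0.113.12", "ClientRequestMethod": "POST",          # outside the 2h window
     "ClientRequestURI": "/api/v1/traces", "EdgeStartTimestamp": "2024-02-09T09:00:00+00:00"},
    {"ClientIP": "203.0.113.13", "ClientRequestMethod": "GET",           # unrelated path
     "ClientRequestURI": "/api/v1/health", "EdgeStartTimestamp": "2024-02-09T11:50:00+00:00"},
    {"ClientIP": "203.0.113.14", "ClientRequestMethod": "DELETE",        # method not watched
     "ClientRequestURI": "/api/v1/trace", "EdgeStartTimestamp": "2024-02-09T11:55:00+00:00"},
    {"ClientIP": "203.0.113.15", "ClientRequestMethod": "get",           # trailing slash, lowercase method
     "ClientRequestURI": "/api/v1/traces/", "EdgeStartTimestamp": "2024-02-09T11:58:00+00:00"},
]


if __name__ == "__main__":
    for hit in find_trace_endpoint_requests(SAMPLE_RECORDS, NOW):
        print(f"{hit['EdgeStartTimestamp']} {hit['ClientIP']} "
              f"{hit['ClientRequestMethod'].upper()} {hit['ClientRequestURI']}")
```

Three of the six constructed records match (the 11:30 POST, the 10:15 GET with a query string, and the 11:58 GET with a trailing slash); the stale, unrelated-path and DELETE records are excluded. In production the two-hour window should align with the scheduler interval so that consecutive runs neither overlap excessively nor leave gaps, and a hit on these paths warrants checking whether the Fluent Bit monitoring API was meant to be exposed at all.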
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • Web Credential
  • Cloud Service
  • Network Traffic
ATT&CK Techniques
  • T1190
Created: 2024-02-09