
Summary
This analytic rule detects attempts to exploit CVE-2024-1709 in ConnectWise ScreenConnect, an authentication bypass via an alternate path or channel. On an already-configured instance the SetupWizard.aspx page should no longer be reachable, yet a request to that page with a trailing path component (for example SetupWizard.aspx/ followed by anything) re-enters the setup flow unauthenticated. The detection therefore uses web request logs to find requests whose path contains SetupWizard.aspx, treating access on a configured instance, and in particular a trailing path after the page name, as a likely exploit attempt; a bare request to SetupWizard.aspx is expected during first-time setup and is a weaker signal on its own. The impact is the creation of an administrative user followed by remote code execution, giving an attacker full control of the ScreenConnect server and, through it, the endpoints it manages. The recommended action is to upgrade to version 23.9.8 or later. This rule carries detection logic tailored for Suricata HTTP logs, so that these requests can be monitored and alerted on within web server environments.
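To make the matching concrete, the following is an added example (not the rule's own query or ConnectWise/Suricata code) that runs the detection logic described above over Suricata EVE JSON http events. The field names used (event_type, src_ip, dest_ip, http.hostname, http.url, http.http_method, http.status) are the standard Suricata EVE output fields; the log lines themselves are constructed for the example, and the severity tiers (trailing path plus POST as high, trailing path with other methods as medium, bare SetupWizard.aspx as low) are an illustrative triage choice, not part of the original rule.

```python
import json
import re
from typing import Iterable, Optional
from urllib.parse import unquote

# Constructed sample EVE lines (not real traffic). Mixed-case and
# percent-encoded variants are included to show normalisation.
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2024-02-21T10:00:01.000000+0000", "event_type": "http",
                "src_ip": "198.51.100.23", "dest_ip": "10.0.0.5",
                "http": {"hostname": "sc.example.test", "url": "/SetupWizard.aspx/",
                         "http_method": "POST", "status": 200}}),
    json.dumps({"timestamp": "2024-02-21T10:00:02.000000+0000", "event_type": "http",
                "src_ip": "198.51.100.23", "dest_ip": "10.0.0.5",
                "http": {"hostname": "sc.example.test", "url": "/SetupWizard.aspx/literally-anything",
                         "http_method": "GET", "status": 200}}),
    json.dumps({"timestamp": "2024-02-21T10:00:03.000000+0000", "event_type": "http",
                "src_ip": "203.0.113.9", "dest_ip": "10.0.0.5",
                "http": {"hostname": "sc.example.test", "url": "/Host",
                         "http_method": "GET", "status": 200}}),
    json.dumps({"timestamp": "2024-02-21T10:00:04.000000+0000", "event_type": "http",
                "src_ip": "203.0.113.9", "dest_ip": "10.0.0.5",
                "http": {"hostname": "sc.example.test", "url": "/SetupWizard.aspx?x=1",
                         "http_method": "GET", "status": 200}}),
    json.dumps({"timestamp": "2024-02-21T10:00:05.000000+0000", "event_type": "dns",
                "src_ip": "10.0.0.5", "dest_ip": "10.0.0.53", "dns": {"rrname": "example.test"}}),
    "this line is not json and must be skipped",
    json.dumps({"timestamp": "2024-02-21T10:00:06.000000+0000", "event_type": "http",
                "src_ip": "198.51.100.77", "dest_ip": "10.0.0.5",
                "http": {"hostname": "sc.example.test", "url": "/setupwizard.aspx%2Fstep2",
                         "http_method": "GET", "status": 200}}),
]

# Trailing path component after the page name: the CVE-2024-1709 pattern.
TRAILING_PATH_RE = re.compile(r"/setupwizard\.aspx/", re.IGNORECASE)
# Bare page request: legitimate during initial setup, weak signal otherwise.
BARE_PAGE_RE = re.compile(r"/setupwizard\.aspx$", re.IGNORECASE)


def classify(url: str, method: str) -> Optional[str]:
    """Return a severity tier for one request, or None if it is not of interest."""
    # Drop the query string, then percent-decode so %2F cannot hide the slash.
    path = unquote(url.split("?", 1)[0])
    if TRAILING_PATH_RE.search(path):
        # POST is what the setup flow uses to create the first (admin) user.
        return "high" if method.upper() == "POST" else "medium"
    if BARE_PAGE_RE.search(path):
        return "low"
    return None


def detect(lines: Iterable[str]) -> list:
    """Run the SetupWizard.aspx check over EVE JSON lines, returning alert dicts."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON noise in the file
        if ev.get("event_type") != "http":
            continue
        http = ev.get("http", {})
        severity = classify(http.get("url", ""), http.get("http_method", ""))
        if severity is None:
            continue
        alerts.append({
            "severity": severity,
            "src_ip": ev.get("src_ip"),
            "dest_ip": ev.get("dest_ip"),
            "host": http.get("hostname"),
            "method": http.get("http_method"),
            "url": http.get("url"),
            "status": http.get("status"),
            "timestamp": ev.get("timestamp"),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVE_LINES):
        print(alert)
```

The bare SetupWizard.aspx tier exists only because the page is legitimately reachable before an instance is configured; in production, an alert on a known-configured server should be triaged as if it were the trailing-path case. The HTTP status is carried through rather than filtered on, because a patched server still logs the request and the response code is what distinguishes a blocked attempt from one that reached the wizard.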
Categories
- Web
- Cloud
- Network
- Infrastructure
Data Sources
- Web Credential
ATT&CK Techniques
- T1190
Created: 2024-11-15