
Summary
This detection rule identifies unauthorized access attempts exploiting the Ivanti EPMM Remote Unauthenticated API Access vulnerability, tracked as CVE-2023-35082. The analytic keys on the URI path /mifs/asfV3/api/v2/; an HTTP 200 response status for a request to that path in web access logs indicates successful exploitation. The detection focuses on instances of this API being accessed without proper authentication, which can lead to unauthorized access to sensitive data or unauthorized modification of systems. The rule operates on a Suricata dataset and captures user agent strings and other request metadata to help distinguish between valid and suspicious access attempts. Effective implementation requires aligning the search with the data model backing web access logs, confirming that the detection fires accurately, and tuning it for the organization's environment. False positives are possible, particularly if the rule is modified to include other HTTP status codes, which may produce incidental alerts that do not indicate genuine exploitation attempts. Managing these alerts will be critical for incident response teams working within the Security Operations Center (SOC).
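The following is an added illustration, not the rule's own search logic: it applies the summary's matching criteria (URI prefix /mifs/asfV3/api/v2/ plus HTTP status 200) to constructed Suricata eve.json HTTP records, and shows how widening the accepted status codes produces the extra alerts the summary warns about. The sample records, field values and function names are assumptions made for this example.

```python
import json
from collections import Counter

# URI prefix the rule keys on; an HTTP 200 on this path is the success indicator.
TARGET_URI_PREFIX = "/mifs/asfV3/api/v2/"

# Constructed Suricata eve.json HTTP records for illustration (not real traffic).
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2024-11-15T10:00:01+0000", "event_type": "http", "src_ip": "203.0.113.10",
                "http": {"url": "/mifs/asfV3/api/v2/devices", "http_method": "GET", "status": 200,
                         "http_user_agent": "python-requests/2.31.0"}}),
    json.dumps({"timestamp": "2024-11-15T10:00:02+0000", "event_type": "http", "src_ip": "203.0.113.11",
                "http": {"url": "/mifs/asfV3/api/v2/devices", "http_method": "GET", "status": 401,
                         "http_user_agent": "curl/8.4.0"}}),
    json.dumps({"timestamp": "2024-11-15T10:00:03+0000", "event_type": "http", "src_ip": "198.51.100.7",
                "http": {"url": "/mifs/login.jsp", "http_method": "GET", "status": 200,
                         "http_user_agent": "Mozilla/5.0"}}),
    json.dumps({"timestamp": "2024-11-15T10:00:04+0000", "event_type": "dns", "src_ip": "198.51.100.7"}),
    "{not valid json",  # truncated record, to show the parser skips it
]

def is_match(event, statuses=(200,)):
    """True when an HTTP event hits the target URI with a status in `statuses`."""
    if event.get("event_type") != "http":
        return False
    http = event.get("http", {})
    return http.get("url", "").startswith(TARGET_URI_PREFIX) and http.get("status") in statuses

def detect(lines, statuses=(200,)):
    """Run the rule over eve.json lines; widening `statuses` reproduces the false-positive caveat."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed or truncated record: skip it rather than abort the run
        if is_match(event, statuses):
            h = event["http"]
            hits.append({"timestamp": event.get("timestamp"), "src_ip": event.get("src_ip"),
                         "method": h.get("http_method"), "url": h.get("url"),
                         "status": h.get("status"), "user_agent": h.get("http_user_agent")})
    return hits

def by_source(hits):
    """Count hits per (src_ip, user_agent) so analysts can triage by requester."""
    return Counter((h["src_ip"], h["user_agent"]) for h in hits)
```

With the default status set only the 200 response is reported; passing `statuses=(200, 401)` also surfaces the rejected request, which is the kind of incidental alert the summary describes.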
Categories
- Web
- Network
Data Sources
- Web Credential
- Network Traffic
- Application Log
ATT&CK Techniques
- T1190
- T1133
Created: 2024-11-15