The Ivanti Sentry Authentication Bypass analytic detects unauthorized access attempts to the System Manager Portal of Ivanti Sentry by leveraging the known vulnerability CVE-2023-38035. It monitors specific HTTP requests directed at endpoints related to the service configuration within Ivanti Sentry while verifying that these requests return an HTTP status code of 200. The detection is essential for security operations centers (SOCs) as it highlights potential unauthorized access that could allow attackers to execute commands on the operating system with root privileges. If the detected behavior is confirmed malicious, it could lead to severe consequences, including system compromise and data breaches, particularly when port 8443 is exposed to external threats. The analytic implementation requires that web-related data from network products like Suricata is accurately mapped to a Web datamodel for effective operation.