Potential Confluence: CVE-2021-26084

Anvilogic Forge

Summary
This detection rule targets a specific vulnerability known as CVE-2021-26084, which is an OGNL injection vulnerability in Confluence Server and Data Center instances. The vulnerability can allow both authenticated and potentially unauthenticated users to execute arbitrary code on the vulnerable system. The rule aims to identify potentially malicious HTTP POST requests that target various Confluence URIs associated with user functionalities and page templates. By capturing this data, the rule alerts on attempts to exploit this vulnerability before they can cause damage or lead to unauthorized access. Utilizing data from web application firewall logs, the rule aggregates pertinent HTTP request data and enriches it with geolocation information based on the source IP address, thereby enabling effective monitoring and response to potential exploits against Confluence instances.
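The detection logic described above, as an added illustration that is not Anvilogic's rule code: it parses constructed WAF log lines, keeps only POST requests to the Confluence page-template and user-feature URIs tied to CVE-2021-26084 (the URI list is assumed from public advisories, not taken from the rule), aggregates hits per source IP and enriches each alert from a stand-in geolocation table.

```python
import re
from collections import defaultdict

# Confluence endpoints associated with CVE-2021-26084 (page-template and
# user-feature actions). Assumption: taken from public advisories, not the rule.
CONFLUENCE_URIS = {
    "/pages/createpage-entervariables.action",
    "/pages/doenterpagevariables.action",
    "/users/user-dark-features",
}

# Constructed stand-in for a GeoIP lookup keyed by source IP.
GEO = {"203.0.113.7": "AU", "198.51.100.4": "DE"}

# Constructed WAF log lines: source IP, request line, HTTP status.
WAF_LOG = """\
203.0.113.7 "POST /pages/doenterpagevariables.action?SpaceKey=x HTTP/1.1" 200
203.0.113.7 "POST /pages/createpage-entervariables.action HTTP/1.1" 200
198.51.100.4 "GET /pages/createpage-entervariables.action HTTP/1.1" 200
192.0.2.9 "POST /dashboard.action HTTP/1.1" 200
203.0.113.7 "POST /users/user-dark-features HTTP/1.1" 403
"""

LINE_RE = re.compile(r'^(\S+) "(\w+) (\S+) HTTP/[\d.]+" (\d{3})$')

def parse(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    uri = target.split("?", 1)[0]  # match on the path, ignore the query string
    return {"src_ip": ip, "method": method, "uri": uri, "status": int(status)}

def detect(log_text):
    """Aggregate POSTs to the watched URIs per source IP and add geolocation."""
    hits = defaultdict(lambda: {"count": 0, "uris": set(), "statuses": set()})
    for raw in log_text.splitlines():
        ev = parse(raw)
        if not ev or ev["method"] != "POST" or ev["uri"] not in CONFLUENCE_URIS:
            continue
        h = hits[ev["src_ip"]]
        h["count"] += 1
        h["uris"].add(ev["uri"])
        h["statuses"].add(ev["status"])
    return [{"src_ip": ip, "country": GEO.get(ip, "unknown"), "count": h["count"],
             "uris": sorted(h["uris"]), "statuses": sorted(h["statuses"])}
            for ip, h in sorted(hits.items())]
```

A real deployment would feed the aggregated alert into triage with the request body, since a POST to these URIs is only suspicious, not proof of exploitation.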
Categories
  • Web
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
ATT&CK Techniques
  • T1190
Created: 2024-02-09