Confluence CVE-2023-22515 Trigger Vulnerability

Splunk Security Content

Summary
This detection rule addresses the Confluence CVE-2023-22515 vulnerability, which allows unauthorized users to gain escalated privileges within the Confluence server application. It focuses on identifying exploitation attempts by monitoring HTTP GET requests to specific vulnerable endpoints whose paths end with selected query parameters. The detection leverages the Web Data Model in Splunk to pinpoint successful accesses that return an HTTP 200 status; such responses indicate potential exploitation activity, including unauthorized access or privilege escalation attempts. The effectiveness of this detection depends heavily on the accuracy and completeness of the ingested web traffic data. Legitimate applications may also generate matching requests and cause false positives, so the monitored endpoints warrant careful tuning and filtering.
Categories
  • Web
  • Network
  • Cloud
Data Sources
  • Web Credential
  • Application Log
  • Network Traffic
  • Sensor Health
ATT&CK Techniques
  • T1190
Created: 2024-11-15