
Summary
This detection rule identifies attempts to exploit CVE-2023-42793 in JetBrains TeamCity On-Premises by monitoring specific POST requests to the REST API endpoint for user tokens. The analytic uses the Web datamodel in Splunk, focusing on URL patterns indicative of suspicious activity. An attacker exploiting this vulnerability can execute arbitrary code, potentially gaining administrative access to the TeamCity environment and exposing its data. The detection assigns a high risk score based on the URLs accessed and the HTTP response status codes, allowing security teams to respond immediately to possible unauthorized access attempts.
Categories
- Web
- Network
- On-Premise
Data Sources
- Web Credential
- Application Log
- Network Traffic
ATT&CK Techniques
- T1190
Created: 2024-11-15