
Summary
This detection rule targets attempts to exploit CVE-2022-39952, a vulnerability in Fortinet's FortiNAC product. It specifically looks for HTTP POST requests to the URI configWizard/keyUpload.jsp that carry an associated payload.zip. The analytic identifies this activity through the Web datamodel, filtering on fields such as the URL, the HTTP method, and the user agent. Because this vulnerability can allow remote code execution by malicious actors, a match on this detection is a high-priority alert for potential exploitation. A successful exploit can give an attacker unauthorized access to and control over the affected system, including the ability to schedule malicious tasks and maintain persistence through command and control (C2) infrastructure.
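As an added illustration of the detection logic described above (example code, not the rule itself or Fortinet's), the following runs the same filter over constructed Web datamodel-style events; the field names (http_method, url, http_user_agent, src, dest, uploaded_file) are assumptions, and the path normalization is an addition so that percent-encoded or query-string variants of the URI are not missed.

```python
from urllib.parse import unquote, urlsplit

# Constructed sample events shaped like Web datamodel records (assumed field names).
SAMPLE_EVENTS = [
    {"src": "203.0.113.5", "dest": "10.0.0.20", "http_method": "POST",
     "url": "https://10.0.0.20/configWizard/keyUpload.jsp",
     "http_user_agent": "python-requests/2.28.1", "uploaded_file": "payload.zip"},
    {"src": "198.51.100.7", "dest": "10.0.0.20", "http_method": "GET",
     "url": "https://10.0.0.20/configWizard/keyUpload.jsp",
     "http_user_agent": "Mozilla/5.0", "uploaded_file": ""},
    {"src": "203.0.113.9", "dest": "10.0.0.20", "http_method": "POST",
     "url": "https://10.0.0.20/configWizard/keyUpload%2Ejsp?x=1",
     "http_user_agent": "curl/7.88.1", "uploaded_file": "payload.zip"},
    {"src": "192.0.2.4", "dest": "10.0.0.20", "http_method": "POST",
     "url": "https://10.0.0.20/login.jsp",
     "http_user_agent": "Mozilla/5.0", "uploaded_file": "payload.zip"},
]

TARGET_PATH = "/configwizard/keyupload.jsp"   # compared case-insensitively
TARGET_FILE = "payload.zip"


def normalize_path(url):
    """Strip scheme/host/query and percent-decode so variants compare equal."""
    return unquote(urlsplit(url).path).lower()


def is_keyupload_exploit_attempt(event):
    """True when the event matches the rule: POST to keyUpload.jsp with payload.zip."""
    if event.get("http_method", "").upper() != "POST":
        return False
    if not normalize_path(event.get("url", "")).endswith(TARGET_PATH):
        return False
    return TARGET_FILE in event.get("uploaded_file", "").lower()


def detect(events):
    """Return one alert per matching event, keeping the fields an analyst triages."""
    return [
        {"src": e.get("src"), "dest": e.get("dest"), "url": e.get("url"),
         "user_agent": e.get("http_user_agent")}
        for e in events if is_keyupload_exploit_attempt(e)
    ]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT CVE-2022-39952 attempt:", alert)
```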
Categories
- Network
- Cloud
- Web
Data Sources
- Web Credential
ATT&CK Techniques
- T1190
- T1133
Created: 2024-11-15