
Summary
The detection rule identifies suspicious user-agent strings commonly associated with reconnaissance and scanning tools used by attackers. It targets user-agents such as 'Wfuzz/', 'WPScan v', 'Recon-ng/v', and 'GIS - AppSec Team - Project Vision', which are typically employed in web application security assessments and could indicate malicious activity. The rule applies to logs generated by web servers, making it useful for monitoring web traffic and identifying reconnaissance attempts by adversaries looking for vulnerabilities to exploit. The detection logic is straightforward: it looks for the specified user-agent strings in the request header. The rule acknowledges that false positives need tuning, since legitimate tools may send these user-agents in benign contexts such as authorised assessments. Its references point to established repositories and community tools, which supports its relevance for security teams prioritising web application defences.
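The following is an added example, not the rule's own logic or code from the rule's repository. It shows how the detection described above behaves when run over web-server access logs: the four user-agent fragments from the summary are matched as case-insensitive substrings of the request's user-agent header (the way Sigma's `contains` modifier behaves, which is an assumption about how the rule is written), and an allowlist of client addresses illustrates the false-positive tuning the summary mentions. The log lines, client addresses, and the combined-log-format parser are all constructed for this example.

```python
import re
from typing import Iterable, List, Optional, Dict, FrozenSet

# User-agent fragments named by the rule summary.
SUSPICIOUS_UA_FRAGMENTS = (
    "Wfuzz/",
    "WPScan v",
    "Recon-ng/v",
    "GIS - AppSec Team - Project Vision",
)

# Apache/Nginx "combined" access-log format; the user-agent is the last quoted field.
COMBINED_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)


def parse_combined_log_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = COMBINED_LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def match_suspicious_user_agent(user_agent: str) -> Optional[str]:
    """Return the first rule fragment found in the user-agent, else None.

    Matching is a case-insensitive substring test, mirroring Sigma's
    `contains` modifier (assumption about the rule's implementation).
    """
    ua = user_agent.lower()
    for fragment in SUSPICIOUS_UA_FRAGMENTS:
        if fragment.lower() in ua:
            return fragment
    return None


def detect(lines: Iterable[str],
           allowlisted_clients: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Run the user-agent check over access-log lines and return one hit per match.

    `allowlisted_clients` is the tuning knob for known-benign sources
    (e.g. an internal scanner) and suppresses hits from those addresses.
    """
    hits = []
    for line in lines:
        rec = parse_combined_log_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the pipeline
        fragment = match_suspicious_user_agent(rec["user_agent"])
        if fragment is None:
            continue
        if rec["client"] in allowlisted_clients:
            continue  # benign source per local tuning
        hits.append({
            "client": rec["client"],
            "request": rec["request"],
            "user_agent": rec["user_agent"],
            "matched": fragment,
        })
    return hits


# Constructed sample log lines (documentation/test address ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.10 - - [19/Jul/2022:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" '
    '"WPScan v3.8.22 (https://wpscan.com/wordpress-security-scanner)"',
    '198.51.100.7 - - [19/Jul/2022:10:00:02 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Wfuzz/3.1.0"',
    '192.0.2.5 - - [19/Jul/2022:10:00:03 +0000] "GET / HTTP/1.1" 200 4096 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/102.0"',
    '10.0.0.20 - - [19/Jul/2022:10:00:04 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Recon-ng/v5.1.2"',
    '203.0.113.44 - - [19/Jul/2022:10:00:05 +0000] "GET /api/health HTTP/1.1" 200 17 "-" '
    '"GIS - AppSec Team - Project Vision"',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG, allowlisted_clients=frozenset({"10.0.0.20"})):
        print(f'{hit["client"]} matched {hit["matched"]!r}: {hit["request"]}')
```

With no allowlist the sample produces four hits; allowlisting the internal scanner at 10.0.0.20 drops the Recon-ng line, which is the kind of tuning the summary anticipates for benign use of these tools.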
Categories
- Web
- Network
Data Sources
- User Account
- Web Credential
- Network Traffic
Created: 2022-07-19