
Summary
This detection rule identifies attempts to exploit the Jenkins arbitrary file read vulnerability, CVE-2024-23897. It detects HTTP POST requests to Jenkins server URLs matching the pattern "*/cli?remoting=false*" that return an HTTP 200 status code. A successful request of this kind suggests unauthorized access to potentially sensitive files stored on the Jenkins server, including credentials and private keys. If exploited, this vulnerability could lead to significant data breaches and unauthorized access to the Jenkins environment, putting the integrity and confidentiality of affected systems at risk. Early detection and response to such activity are therefore critical to mitigating these risks.
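The matching logic described above, applied to web access logs, as an added example that is not the rule's own query. It assumes the Apache/Nginx "combined" log format and constructed sample lines, and it goes slightly beyond the literal wildcard by matching `remoting=false` anywhere in the query string.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/Nginx "combined" access-log layout (assumed log source).
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_cli_remoting_false(uri):
    """True when the path ends in /cli and the query carries remoting=false."""
    parts = urlsplit(uri)
    if not parts.path.rstrip("/").lower().endswith("/cli"):
        return False
    values = parse_qs(parts.query, keep_blank_values=True).get("remoting", [])
    return any(v.lower() == "false" for v in values)

def detect(lines):
    """Return (source, timestamp, uri) for each line matching the rule."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if (m["method"] == "POST" and m["status"] == "200"
                and is_cli_remoting_false(m["uri"])):
            hits.append((m["src"], m["ts"], m["uri"]))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [15/Nov/2024:10:01:02 +0000] "POST /cli?remoting=false HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [15/Nov/2024:10:01:03 +0000] "POST /jenkins/cli?foo=1&remoting=false HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.9 - - [15/Nov/2024:10:02:00 +0000] "POST /cli?remoting=false HTTP/1.1" 403 90 "-" "-"',
    '203.0.113.9 - - [15/Nov/2024:10:02:05 +0000] "GET /cli?remoting=false HTTP/1.1" 200 90 "-" "-"',
    '192.0.2.44 - - [15/Nov/2024:10:03:00 +0000] "POST /job/build/api/json HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for src, ts, uri in detect(SAMPLE):
        print(f"ALERT CVE-2024-23897 pattern: {src} {ts} {uri}")
```

Legitimate use of the Jenkins CLI over HTTP also produces POST requests to this endpoint, so hits should be triaged against known administrative clients and source addresses.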
Categories
- Web
- Infrastructure
Data Sources
- Named Pipe
ATT&CK Techniques
- T1190
Created: 2024-11-15