
Summary
This detection rule analyzes Node.js application error logs to identify potential Remote Code Execution (RCE) exploitation attempts. It focuses on process-execution errors that arise from user input, since such errors may indicate an underlying RCE vulnerability in the application. For the rule to work, application error logs must be collected with 'LOG_LEVEL=ERROR' or higher. The rule uses keywords such as 'node:child_process' to pinpoint relevant log entries, and it rates any matching exception as high risk because it can lead to a serious breach if left unaddressed. Note, however, that some legitimate errors, such as those produced by Puppeteer (a Node library for controlling headless Chrome), can trigger this rule falsely because they include child_process errors that do not by themselves imply a vulnerability.
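The following is an added example, not code from the rule or its catalog: a small Node.js scanner that applies the rule's logic to constructed log lines, keeping only entries at ERROR level or higher that contain 'node:child_process' and down-ranking those whose stack trace mentions Puppeteer. The log line format and the 'puppeteer' path marker used to spot the false positive are assumptions.

```javascript
// Keyword the detection rule keys on in Node.js error logs.
const RCE_KEYWORD = 'node:child_process';
// The rule expects logs collected at LOG_LEVEL=ERROR or higher.
const LEVEL_RANK = { DEBUG: 0, INFO: 1, WARN: 2, ERROR: 3, FATAL: 4 };
const MIN_LEVEL = 'ERROR';
// Assumption: Puppeteer-originated errors carry the library name in their stack trace.
const BENIGN_SOURCES = ['puppeteer'];

// Constructed sample log lines (format "<timestamp> <LEVEL> <message>" is assumed).
const SAMPLE_LOGS = [
  '2023-02-11T10:00:01Z INFO  server listening on :3000',
  '2023-02-11T10:02:13Z ERROR Error: Command failed: convert /tmp/upload-4f2a.png out.png\n' +
    '    at ChildProcess.exithandler (node:child_process:419:12)',
  '2023-02-11T10:05:40Z ERROR Error: Failed to launch the browser process!\n' +
    '    at onClose (/app/node_modules/puppeteer/lib/BrowserRunner.js:254:20)\n' +
    '    at ChildProcess.<anonymous> (node:child_process:512:9)',
  '2023-02-11T10:06:02Z DEBUG spawn ok (node:child_process)',
];

// Extract the log level token; returns null if the line does not carry one.
function parseLevel(line) {
  const m = line.match(/^\S+\s+(DEBUG|INFO|WARN|ERROR|FATAL)\b/);
  return m ? m[1] : null;
}

// Apply the rule to one line: level gate, keyword match, then false-positive triage.
function classifyLine(line) {
  const level = parseLevel(line);
  if (level === null || LEVEL_RANK[level] < LEVEL_RANK[MIN_LEVEL]) return null;
  if (!line.includes(RCE_KEYWORD)) return null;
  const lower = line.toLowerCase();
  const benign = BENIGN_SOURCES.some((src) => lower.includes(src));
  return {
    timestamp: line.split(/\s+/)[0],
    level,
    severity: benign ? 'low' : 'high',
    reason: benign
      ? 'child_process error raised by Puppeteer; review but likely benign'
      : 'child_process error possibly triggered by user input; investigate for RCE',
  };
}

// Run the rule over a batch of lines and keep only the hits.
function scanLogs(lines) {
  return lines.map(classifyLine).filter((hit) => hit !== null);
}

console.log(JSON.stringify(scanLogs(SAMPLE_LOGS), null, 2));
```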
Categories
- Application
- Web
- Infrastructure
Data Sources
- Application Log
Created: 2023-02-11