
Summary
This detection rule identifies potential exploitation attempts of CVE-2023-29357, an elevation-of-privilege vulnerability in Microsoft SharePoint Server. The flaw lets an attacker who presents a spoofed JWT authentication token bypass authentication and act with the privileges of an authenticated user, which can lead to unauthorized access to sensitive information and a broader compromise of the server. The rule uses the Splunk Web datamodel to monitor the SharePoint REST API calls and HTTP methods that characterise this attack: it tracks request patterns in which user information is retrieved from the API and flags the matching events for further investigation. Because legitimate SharePoint clients and administrative tooling also query these endpoints, analysts should correlate a hit with the source address, user agent and response status before escalating.
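The detection logic described above, run over a handful of constructed web access-log lines, as an added example that is not part of the original rule or of Splunk's content. It assumes a Combined Log Format access log from a reverse proxy in front of SharePoint, and it assumes that the "user information retrieval" endpoints are the REST paths `_api/web/siteusers` and `_api/web/currentuser`; neither the log format nor the endpoint list is stated on the page, so adjust both to your environment. The aggregation per source with first/last time mirrors what a `tstats ... by Web.src` summary over the Web datamodel produces.

```python
"""Flag SharePoint REST requests that retrieve user information (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Assumption (not stated on the page): the REST endpoints that return user
# objects. Matched on the path only, so site-collection prefixes such as
# /sites/hr/_api/web/currentuser are covered and query strings are ignored.
USER_INFO_PATH = re.compile(
    r"(?:^|/)_api/web/(?:siteusers|currentuser)(?:/|$)", re.IGNORECASE
)

# Combined Log Format, as emitted by an nginx/Apache reverse proxy (assumed).
ACCESS_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log: one scripted client that succeeds twice, one
# browser doing ordinary navigation, one client whose token was rejected.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Nov/2024:10:01:02 +0000] "GET /_api/web/siteusers HTTP/1.1" 200 5120 "-" "python-requests/2.31.0"
203.0.113.10 - - [15/Nov/2024:10:01:03 +0000] "GET /sites/hr/_api/web/currentuser?$select=Id HTTP/1.1" 200 812 "-" "python-requests/2.31.0"
198.51.100.7 - - [15/Nov/2024:10:02:10 +0000] "GET /_api/web/lists HTTP/1.1" 200 9020 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Nov/2024:10:02:11 +0000] "GET /_layouts/15/start.aspx HTTP/1.1" 200 14000 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Nov/2024:10:03:00 +0000] "GET /_api/web/siteusers HTTP/1.1" 401 0 "-" "curl/8.4.0"
203.0.113.10 - - [15/Nov/2024:10:04:00 +0000] "POST /_api/web/siteusers HTTP/1.1" 403 0 "-" "python-requests/2.31.0"
"""


def parse_access_line(line):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = ACCESS_LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["time"], TIME_FMT)
    ev["status"] = int(ev["status"])
    ev["path"] = ev["url"].split("?", 1)[0]
    return ev


def is_user_info_request(ev):
    """True for a GET whose path hits one of the user-information endpoints."""
    return ev["method"] == "GET" and USER_INFO_PATH.search(ev["path"]) is not None


def summarize(lines):
    """Aggregate matching requests per source address.

    A 2xx response counts as a hit (user data was actually returned); anything
    else is recorded as rejected, which is still useful for spotting probing.
    """
    per_src = defaultdict(lambda: {
        "hits": 0, "rejected": 0, "urls": set(), "user_agents": set(),
        "first": None, "last": None,
    })
    for line in lines:
        ev = parse_access_line(line)
        if ev is None or not is_user_info_request(ev):
            continue
        s = per_src[ev["src"]]
        if 200 <= ev["status"] < 300:
            s["hits"] += 1
        else:
            s["rejected"] += 1
        s["urls"].add(ev["path"])
        s["user_agents"].add(ev["ua"])
        s["first"] = ev["time"] if s["first"] is None else min(s["first"], ev["time"])
        s["last"] = ev["time"] if s["last"] is None else max(s["last"], ev["time"])
    # Sets are fine for aggregation; sort them for stable, comparable output.
    return {
        src: {**s, "urls": sorted(s["urls"]), "user_agents": sorted(s["user_agents"])}
        for src, s in per_src.items()
    }


def alerts(summary, min_hits=1):
    """Sources with at least min_hits successful user-information retrievals."""
    return sorted(src for src, s in summary.items() if s["hits"] >= min_hits)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for src in alerts(summary):
        s = summary[src]
        print(f"{src}: {s['hits']} hits, {s['rejected']} rejected, "
              f"{s['first']:%H:%M:%S}-{s['last']:%H:%M:%S}, ua={s['user_agents']}")
```

Only GETs are considered because the rule watches retrieval of user information; the POST in the sample is therefore not counted even though it targets the same path. Raising `min_hits` or adding a user-agent allowlist is the natural tuning knob when normal SharePoint clients produce too many single hits.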
Categories
- Web
- Cloud
- Endpoint
Data Sources
- Web Credential
- Application Log
ATT&CK Techniques
- T1068
- T1190
Created: 2024-11-15