
Summary
This detection rule monitors HTTP GET requests received by the HTTP service emulated on OpenCanary nodes. OpenCanary is a low-interaction honeypot that lets organizations simulate various services and track malicious activity directed at them. Because a honeypot serves no legitimate users, an HTTP GET request against an OpenCanary instance signals possible reconnaissance or an attack by an external actor attempting to interact with the hosted service. The rule uses OpenCanary logs with a logtype of 3000 to determine that an HTTP GET request has occurred, offering a proactive way to identify unauthorized access attempts. As threats evolve, initial access methods such as exploiting misconfigured or insecure services highlight weaknesses that must be addressed. Organizations can use this rule to strengthen their monitoring and respond promptly to suspicious activity. Given its high severity level, alerts should be configured carefully and the detection correlated with other security events for comprehensive threat management.
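The following Python snippet is an added example, not part of this rule page or of OpenCanary's own code. It applies the rule's single condition (logtype 3000) to a batch of OpenCanary JSON log lines and emits alert records, then counts alerts per source host as a first step toward the correlation the summary recommends. The field layout (logtype, src_host, dst_port, node_id, local_time, and PATH / USERAGENT inside logdata) is assumed to follow OpenCanary's JSON log output; all sample lines and addresses are constructed, and the non-GET sample's logtype 3001 is assumed to be OpenCanary's HTTP POST login-attempt event.

```python
import json
from collections import Counter

# OpenCanary HTTP GET event type, as stated in the rule description.
LOGTYPE_HTTP_GET = 3000

# Constructed sample log lines for this example. Field names are assumed to
# follow OpenCanary's JSON log output; every value here is invented.
SAMPLE_LOG_LINES = [
    json.dumps({
        "dst_host": "192.0.2.10", "dst_port": 80,
        "local_time": "2024-03-08 10:15:01.000000",
        "logdata": {"PATH": "/", "USERAGENT": "Mozilla/5.0 (constructed)"},
        "logtype": 3000, "node_id": "opencanary-1",
        "src_host": "198.51.100.7", "src_port": 51512,
    }),
    json.dumps({
        "dst_host": "192.0.2.10", "dst_port": 80,
        "local_time": "2024-03-08 10:15:02.000000",
        "logdata": {"PATH": "/admin", "USERAGENT": "Mozilla/5.0 (constructed)"},
        "logtype": 3000, "node_id": "opencanary-1",
        "src_host": "198.51.100.7", "src_port": 51513,
    }),
    json.dumps({
        # Non-GET event: 3001 is assumed to be the HTTP POST login attempt
        # type and must not fire this rule.
        "dst_host": "192.0.2.10", "dst_port": 80,
        "local_time": "2024-03-08 10:15:03.000000",
        "logdata": {"PATH": "/index.html"},
        "logtype": 3001, "node_id": "opencanary-1",
        "src_host": "203.0.113.5", "src_port": 40211,
    }),
    "not json at all",  # malformed line: skipped, never an alert
    # logtype delivered as a string and logdata empty: still a GET event
    json.dumps({"logtype": "3000", "src_host": "203.0.113.9", "dst_port": 8080,
                "logdata": {}, "node_id": "opencanary-2"}),
]


def parse_event(line):
    """Return the event dict for one JSON log line, or None if unusable."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or "logtype" not in event:
        return None
    return event


def is_http_get(event):
    """The rule condition: logtype equals 3000 (tolerating a string value)."""
    try:
        return int(event.get("logtype")) == LOGTYPE_HTTP_GET
    except (TypeError, ValueError):
        return False


def build_alert(event):
    """Shape a matching event into the fields an analyst needs for triage."""
    logdata = event.get("logdata") or {}
    return {
        "rule": "OpenCanary HTTP GET Request",
        "severity": "high",
        "node_id": event.get("node_id"),
        "src_host": event.get("src_host"),
        "dst_port": event.get("dst_port"),
        "path": logdata.get("PATH"),
        "user_agent": logdata.get("USERAGENT"),
        "time": event.get("local_time"),
    }


def detect_http_get(lines):
    """Run the rule over raw log lines and return the list of alerts."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is not None and is_http_get(event):
            alerts.append(build_alert(event))
    return alerts


def alerts_by_source(alerts):
    """Count alerts per source host; repeated hits from one host stand out."""
    return Counter(a["src_host"] for a in alerts)


if __name__ == "__main__":
    found = detect_http_get(SAMPLE_LOG_LINES)
    for alert in found:
        print(alert)
    print(dict(alerts_by_source(found)))
```

Three of the five constructed lines produce alerts: the malformed line is dropped at parse time, the logtype 3001 line fails the condition, and the string-valued "3000" is still matched, which matters when a log shipper normalizes numbers to strings. The per-source counter is where a real pipeline would hang its correlation with other events.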
Categories
- Network
- Application
Data Sources
- Web Credential
- Application Log
Created: 2024-03-08