Ivanti Connect Secure SSRF in SAML Component

Splunk Security Content

Summary
This detection rule targets the Server-Side Request Forgery (SSRF) vulnerability CVE-2024-21893 in Ivanti Connect Secure. It focuses on POST requests to specific SAML endpoints, namely `/dana-ws/saml20.ws`, `/dana-ws/saml.ws`, `/dana-ws/samlecp.ws`, and `/dana-na/auth/saml-logout.cgi`, which can be abused to reach internal resources without authorization. The rule uses the Web data model and filters for POST requests to these endpoints that were answered with HTTP 200 OK. Such requests could indicate a successful exploitation attempt, leading to unauthorized data access or exfiltration, so alerting on this activity is crucial for incident response teams to mitigate the threat effectively.
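To make the filter concrete, the following is an added Python example, not the Splunk rule itself (which runs as SPL over the Web data model): it applies the same three conditions (POST method, one of the listed SAML endpoints, HTTP 200 response) to constructed access-log lines. The Combined Log Format layout and the sample addresses and timestamps are assumptions made for the example.

```python
import re
from typing import Dict, List

# SAML endpoints named in the Splunk detection for CVE-2024-21893.
SAML_ENDPOINTS = {
    "/dana-ws/saml20.ws",
    "/dana-ws/saml.ws",
    "/dana-ws/samlecp.ws",
    "/dana-na/auth/saml-logout.cgi",
}

# Combined Log Format (assumed layout for the constructed samples below).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+'
)

def parse_line(line: str) -> Dict[str, str]:
    """Return the fields of one access-log line, or an empty dict if unparsable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}

def is_ssrf_candidate(event: Dict[str, str]) -> bool:
    """Mirror the rule's filter: POST to a listed SAML endpoint answered with HTTP 200."""
    # Strip any query string so /dana-ws/saml20.ws?x=1 still matches the path.
    path = event.get("url", "").split("?", 1)[0]
    return (event.get("method") == "POST"
            and path in SAML_ENDPOINTS
            and event.get("status") == "200")

def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run the filter over raw log lines and return the matching events."""
    events = (parse_line(line) for line in lines)
    return [e for e in events if e and is_ssrf_candidate(e)]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Nov/2024:10:01:02 +0000] "POST /dana-ws/saml20.ws HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/Nov/2024:10:01:05 +0000] "GET /dana-ws/saml20.ws HTTP/1.1" 200 128',
    '198.51.100.9 - - [15/Nov/2024:10:02:10 +0000] "POST /dana-ws/saml.ws HTTP/1.1" 403 0',
    '198.51.100.9 - - [15/Nov/2024:10:02:30 +0000] "POST /dana-na/auth/saml-logout.cgi?x=1 HTTP/1.1" 200 64',
    '192.0.2.4 - - [15/Nov/2024:10:03:00 +0000] "POST /dana-na/auth/login.cgi HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} POST {hit['url']} -> {hit['status']}")
```

A hit is a candidate for triage rather than proof of exploitation, since legitimate SAML authentication also POSTs to these endpoints and receives HTTP 200; correlate with source address, request volume and subsequent activity before escalating.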
Categories
  • Web
  • Network
  • Cloud
  • Endpoint
  • Identity Management
Data Sources
  • Web Credential
  • Network Traffic
ATT&CK Techniques
  • T1190
Created: 2024-11-15