Ivanti EPM SQL Injection Remote Code Execution

Splunk Security Content

Summary
This detection rule identifies potential exploitation of a critical SQL injection vulnerability in Ivanti Endpoint Manager (EPM), specifically CVE-2024-29824, which has a high severity level (CVSS score of 9.8). The exploitation occurs through the `RecordGoodApp` function in the `PatchBiz.dll` file when an attacker manipulates the `goodApp.md5` value within an HTTP POST request directed at the `/WSStatusEvents/EventHandler.asmx` endpoint. Successful exploitation can lead to remote code execution on the server, making it vital to monitor for anomalous SQL commands and HTTP requests to this specific endpoint. The detection emphasizes monitoring the URI path, HTTP request method, and a response status of 200 to signify potential exploitation attempts. Implementers are encouraged to use TLS inspection and advanced network traffic analysis to ascertain if exploitation has been successful, as the malicious payload may be hidden within the request body.
Categories
  • Web
  • Network
Data Sources
  • Web Credential
  • Network Traffic
ATT&CK Techniques
  • T1190
Created: 2024-11-15