Web Spring Cloud Function FunctionRouter

Splunk Security Content

Summary
This detection identifies HTTP POST requests whose URL contains the substring 'functionRouter', the endpoint exposed by the routing feature of Spring Cloud Function. Such requests are the delivery path for CVE-2022-22963: in Spring Cloud Function 3.1.6, 3.2.2 and earlier unsupported versions, a request to the routing endpoint can carry an attacker-supplied SpEL expression in the 'spring.cloud.function.routing-expression' header, which the framework evaluates and which can result in remote code execution on the host. The search runs over the Web data model in Splunk and filters on HTTP fields such as method, URL and user agent. To use it, web traffic (proxy or web-server access logs) must be ingested and mapped to the Web data model. Because the Web data model does not carry request headers, the search matches on the method and URL alone and will also fire on legitimate POSTs to the router; tune false positives by filtering on destination IP or on the asset groups known to host the application.
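The following is an added example, not the Splunk search itself, showing the same logic applied to constructed records shaped like Web data model fields (src, dest, http_method, url, http_user_agent, status). It matches POST requests with 'functionRouter' in the URL, groups the hits the way a by-clause would, and applies the destination-based suppression the summary recommends. The sample events, IP addresses and the allowlist are invented for illustration.

```python
"""Added example (not Splunk Security Content's own search): apply the
POST + 'functionRouter' detection to constructed web records and show
the destination allowlist used to suppress known-legitimate assets."""
from collections import Counter

# Constructed sample records shaped like Web data model fields. Not real traffic.
SAMPLE_EVENTS = [
    {"src": "198.51.100.23", "dest": "10.0.0.5", "http_method": "POST",
     "url": "/functionRouter", "http_user_agent": "python-requests/2.28.1", "status": 500},
    {"src": "198.51.100.23", "dest": "10.0.0.5", "http_method": "POST",
     "url": "/functionRouter?x=1", "http_user_agent": "curl/7.81.0", "status": 500},
    {"src": "203.0.113.7", "dest": "10.0.0.5", "http_method": "GET",
     "url": "/functionRouter", "http_user_agent": "Mozilla/5.0", "status": 405},
    {"src": "10.0.1.9", "dest": "10.0.0.44", "http_method": "POST",
     "url": "/functionRouter", "http_user_agent": "internal-batch/1.0", "status": 200},
    {"src": "203.0.113.7", "dest": "10.0.0.5", "http_method": "POST",
     "url": "/api/orders", "http_user_agent": "Mozilla/5.0", "status": 200},
]


def matches(event):
    """Core condition: an HTTP POST whose URL contains 'functionRouter'
    (matched case-insensitively). Request headers are not available in the
    Web data model, so the routing-expression header cannot be inspected here."""
    return (event["http_method"].upper() == "POST"
            and "functionrouter" in event["url"].lower())


def detect(events, allowed_dests=frozenset()):
    """Return matching events, dropping destinations known to legitimately
    expose the router (the per-asset filter suggested for false positives).
    'allowed_dests' is an assumed tuning input, not a field of the search."""
    return [e for e in events if matches(e) and e["dest"] not in allowed_dests]


def summarize(hits):
    """Group hits by source, destination and user agent, as a by-clause would,
    so repeated probing from one client stands out."""
    return Counter((e["src"], e["dest"], e["http_user_agent"]) for e in hits)


if __name__ == "__main__":
    # Assumed tuning: 10.0.0.44 is an internal host where the router is expected.
    for key, count in summarize(detect(SAMPLE_EVENTS, frozenset({"10.0.0.44"}))).items():
        print(f"{count} hit(s): src={key[0]} dest={key[1]} ua={key[2]}")
```

Untuned, the GET probe and the unrelated POST are ignored while all three POSTs to the router are reported; adding the internal host to the allowlist leaves only the two external requests, which is the signal an analyst would triage against the application's patch level.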
Categories
  • Web
  • Cloud
  • Application
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
ATT&CK Techniques
  • T1190
  • T1133
Created: 2024-11-15