Spring-Cloud-Function - CVE-2022-22963

Anvilogic Forge

Summary
This detection rule addresses a vulnerability identified as CVE-2022-22963, which is associated with Spring Cloud Function's routing functionality. An attacker can exploit this vulnerability by sending a crafted Spring Expression Language (SpEL) routing expression, leading to potential access to local resources. The rule looks for specific parameters that indicate an attempt to exploit this vulnerability based on publicly available Proof of Concept (PoC) code. The Splunk logic for this rule captures relevant POST or ALLOW requests that include the term 'spring.cloud.function.routing-expression' along with an 'exec' command, signaling suspicious activity. By leveraging data from web application firewall logs, the detection aggregates the results over a specified time frame to identify successful exploitation attempts, allowing security teams to respond quickly to potential breaches.
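The matching and aggregation described in the summary, as an added Python example; it is not the rule's own Splunk query. The key=value log layout, the field names (`src`, `method`, `action`, `uri`, `hdr`), the 300-second window, and the reading of "POST or ALLOW" as HTTP method or WAF action are assumptions, and the log lines are constructed with the expression body elided.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed WAF log lines (not real traffic); expression bodies are elided placeholders.
SAMPLE_LOGS = """\
2024-07-26T10:00:05Z src=203.0.113.7 method=POST action=ALLOW uri=/fn hdr="spring.cloud.function.routing-expression: <expr calling exec(...)>"
2024-07-26T10:00:41Z src=203.0.113.7 method=POST action=ALLOW uri=/fn hdr="spring.cloud.function.routing-expression: <expr calling exec(...)>"
2024-07-26T10:01:12Z src=198.51.100.4 method=POST action=ALLOW uri=/fn hdr="spring.cloud.function.routing-expression: 'uppercase'"
2024-07-26T10:02:30Z src=198.51.100.9 method=GET action=ALLOW uri=/index.html hdr="accept: */*"
2024-07-26T10:07:02Z src=192.0.2.15 method=POST action=BLOCK uri=/fn hdr="Spring.Cloud.Function.Routing-Expression: <expr calling exec(...)>"
"""

HEADER = "spring.cloud.function.routing-expression"
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse(line):
    """Split one log line into a timestamp plus a dict of fields."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields

def is_suspicious(f):
    """POST or ALLOW, routing-expression header present, 'exec' in its value."""
    # HTTP header names are case-insensitive, so compare in lower case.
    name, _, value = f.get("hdr", "").lower().partition(":")
    return ((f.get("method") == "POST" or f.get("action") == "ALLOW")
            and name.strip() == HEADER and "exec" in value)

def detect(log_text, window_s=300):
    """Count matching requests per (window start, source IP)."""
    hits = Counter()
    for line in filter(None, map(str.strip, log_text.splitlines())):
        f = parse(line)
        if is_suspicious(f):
            epoch = int(f["ts"].timestamp())
            start = datetime.fromtimestamp(epoch - epoch % window_s, timezone.utc)
            hits[(start.strftime("%Y-%m-%dT%H:%M:%SZ"), f["src"])] += 1
    return dict(hits)

if __name__ == "__main__":
    for (window, src), n in sorted(detect(SAMPLE_LOGS).items()):
        print(window, src, n)
```

The benign routing expression (`'uppercase'`) and the unrelated GET are not counted; the blocked POST is, because the term match keys on POST or ALLOW rather than on the WAF verdict alone.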
Categories
  • Web
  • Application
Data Sources
  • Web Credential
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1190
Created: 2024-07-26