Research Article

Characterizing Anomalies in Malware-Generated HTTP Traffic

Figure 12

An example Zeek network security monitoring analysis module based on the presented observations. The rule detects requests that have fewer than 4 headers and no User-Agent header.
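The rule described in the caption can be written as the following Zeek script. This is an added example, not the module shown in the article's figure; the module name `SparseHTTP`, the notice type `Few_Headers_No_UA` and the option `min_headers` are hypothetical names chosen for illustration.

```zeek
# Added example: flags HTTP requests with fewer than 4 headers and no User-Agent.
# Module, notice and option names are hypothetical, not taken from the article.
@load base/frameworks/notice
@load base/protocols/http

module SparseHTTP;

export {
    redef enum Notice::Type += {
        ## Client request with few headers and no User-Agent header.
        Few_Headers_No_UA
    };

    ## Requests with fewer headers than this are candidates (caption: 4).
    const min_headers: count = 4 &redef;
}

# http_all_headers fires once per message, after all headers are parsed.
event http_all_headers(c: connection, is_orig: bool, hlist: mime_header_list)
    {
    # Only inspect client requests, not server responses.
    if ( ! is_orig )
        return;

    # First condition: fewer than min_headers headers in the request.
    if ( |hlist| >= min_headers )
        return;

    # Second condition: no User-Agent header. Zeek stores the header
    # name upper-cased in $name, so the comparison is case-insensitive.
    for ( i in hlist )
        {
        if ( hlist[i]$name == "USER-AGENT" )
            return;
        }

    # Both conditions hold: raise a notice, suppressed per host pair
    # so one noisy client does not flood notice.log.
    NOTICE([$note=Few_Headers_No_UA,
            $msg=fmt("HTTP request with %d header(s) and no User-Agent", |hlist|),
            $conn=c,
            $identifier=cat(c$id$orig_h, c$id$resp_h),
            $suppress_for=10min]);
    }
```

Loaded alongside a capture with `zeek -r`, matching requests are written to `notice.log`; `min_headers` can be changed with `redef` to tune the threshold.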