If you're looking to fine-tune your detections for the authentication bypass for Ivanti Pulse Connect Secure (CVE-2023-46805), the best way is to send a POST request to /api/v1/totp/user-backup-code/../../system/platform?operation=testConnectivity
If the response has "Destination host", it is vulnerable.
Detection mechanisms that infer based on a 403 response are false positive prone.
Write up coming soon to add more color.