The MOVEit vulnerability, identified as CVE-2023-34362, is a critical SQL injection flaw in the MOVEit Transfer web application that allows attackers to execute remote code and access sensitive database information. Discovered in 2023, and potentially exploited since 2021, it has been targeted by the ransomware group Cl0p. Organizations investigating this vulnerability face challenges due to insufficient log data from the default settings of MOVEit software, which often lack detailed evidence of exploitation activities. Observability data, such as traces and spans, can complement these logs to provide deeper insights into potential compromises. Tools like Dynatrace offer the ability to query observability data using DQL, enabling the detection of exploitation activity indicated by unusual patterns, such as the presence of the web shell human2.aspx. Despite the limitations of traditional logs, the integration of observability data enhances the ability to trace and understand the extent of exploitation, offering a more comprehensive approach to cybersecurity investigations.
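As an added example (not code from the original page or from any vendor), the sketch below sweeps IIS W3C-format access logs for requests to the human2.aspx web shell named above and summarises the hits per client IP. It assumes such access logs are available alongside the MOVEit logs; the function name, sample lines, IP addresses and timestamps are constructed for illustration.

```python
from collections import defaultdict

INDICATOR = "human2.aspx"  # web shell file name given in the text above

# Constructed sample in IIS W3C extended format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-05-30 10:01:12 GET /human.aspx - 198.51.100.7 200
2023-05-30 10:03:05 GET /human2.aspx - 203.0.113.9 404
2023-05-30 10:04:18 GET /Human2.ASPX - 203.0.113.9 200
2023-05-31 02:11:54 POST /human2.aspx - 192.0.2.44 200
2023-05-31 02:12:00 GET /human2.aspx
"""

def find_indicator_hits(log_text, indicator=INDICATOR):
    """Return {client_ip: {count, first, last, statuses}} for requests whose
    URI file name equals the indicator (case-insensitive, exact match)."""
    fields = []
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "statuses": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared by the log itself; never hard-code it.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row: skip rather than misparse
        row = dict(zip(fields, values))
        file_name = row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1]
        if file_name != indicator:
            continue  # exact match so near-miss names are not flagged
        stamp = f'{row.get("date", "")} {row.get("time", "")}'.strip()
        entry = hits[row.get("c-ip", "unknown")]
        entry["count"] += 1
        entry["first"] = entry["first"] or stamp
        entry["last"] = stamp
        entry["statuses"].add(row.get("sc-status", "?"))
    return dict(hits)

if __name__ == "__main__":
    for ip, info in find_indicator_hits(SAMPLE_LOG).items():
        print(ip, info["count"], info["first"], info["last"],
              sorted(info["statuses"]))
```

A 200 status on a matching row means the file was served and the host needs deeper review; a 404 alone suggests probing for the file.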