Techniques
Sample rules
HybridConnectionManager Service Installation
- source: sigma
- technicques:
- t1554
Description
Rule to detect the Hybrid Connection Manager service installation.
Detection logic
condition: selection
selection:
EventID: 4697
ServiceFileName|contains: HybridConnectionManager
ServiceName: HybridConnectionManager
HybridConnectionManager Service Running
- source: sigma
- technicques:
- t1554
Description
Rule to detect the Hybrid Connection Manager service running on an endpoint.
Detection logic
condition: selection and keywords
keywords:
- HybridConnection
- sb://
- servicebus.windows.net
- HybridConnectionManage
selection:
EventID:
- 40300
- 40301
- 40302