
HybridConnectionManager Service Running

Sigma Rules

Summary
This rule detects the Hybrid Connection Manager (HCM) service running on a Windows endpoint. HCM is the on-premises relay agent for Azure Relay Hybrid Connections. Azure Relay belongs to the Azure Service Bus family, which is why its endpoints use the sb:// scheme and the servicebus.windows.net domain. The agent holds outbound-only connections from the host to an Azure relay namespace so that cloud-hosted applications, App Service and Azure Functions in particular, can reach resources on the internal network without any inbound firewall rule. The rule selects on event IDs 40300, 40301 and 40302, which the Microsoft-ServiceBus-Client event log writes when the client connects and operates, combined with Hybrid Connection identifiers in the event message such as 'HybridConnection' and 'sb://'. The security-relevant point is that the properties that make HCM convenient, a Microsoft-signed binary that maintains an outbound relay and forwards traffic into the network, also make it attractive as an attacker-operated tunnel, so the service appearing on a host with no known Hybrid Connection requirement warrants triage: confirm who installed it, which relay namespace it connects to, and which internal endpoints it exposes. Legitimate use by Azure function apps is the documented false positive. The rule does not filter it, so analysts should allowlist the hosts known to run HCM for that purpose rather than lower the rule's sensitivity.
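The selection logic the rule applies, as an added Python example that is not part of the Sigma rule or of this page: it models the "event ID in {40300, 40301, 40302} AND a Hybrid Connection keyword in the message" condition and runs it over constructed log lines. Treating the keyword list as "any of" and matching case-insensitively (Sigma's default for string matching) are assumptions of this example, as are the contoso relay namespace and the tab-separated log format.

```python
from dataclasses import dataclass
from typing import List

# Selection terms as the page describes them. The keyword list is treated as
# "any of" here, which is an assumption of this example, not a quote of the rule.
HCM_EVENT_IDS = {40300, 40301, 40302}
HCM_KEYWORDS = ("HybridConnection", "sb://")


@dataclass
class WinEvent:
    event_id: int
    message: str


def matches_hcm_rule(event: WinEvent) -> bool:
    """True when the event satisfies the rule's selection: one of the Service Bus
    client event IDs AND at least one Hybrid Connection marker in the message.
    Matching is case-insensitive, as Sigma string matching is by default."""
    if event.event_id not in HCM_EVENT_IDS:
        return False
    msg = event.message.lower()
    return any(keyword.lower() in msg for keyword in HCM_KEYWORDS)


def parse_log(text: str) -> List[WinEvent]:
    """Parse a constructed 'EventID<TAB>Message' log into events.
    Real telemetry would come from the Microsoft-ServiceBus-Client channel."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event_id, _, message = line.partition("\t")
        events.append(WinEvent(int(event_id), message))
    return events


def scan(events: List[WinEvent]) -> List[WinEvent]:
    """Return the events that trigger the rule, in log order."""
    return [event for event in events if matches_hcm_rule(event)]


# Constructed sample log (not real telemetry). The namespace and path are invented.
SAMPLE_LOG = """\
40300\tConnecting to sb://contoso.servicebus.windows.net/onprem-sql (HybridConnection)
40301\thybridconnection listener accepted a new control channel
40302\tsb://contoso.servicebus.windows.net/onprem-sql: relay connection closed
40300\tClient started with default settings
7036\tThe Print Spooler service entered the running state.
"""


if __name__ == "__main__":
    for hit in scan(parse_log(SAMPLE_LOG)):
        # Three of the five constructed lines match: the two 40300/40302 lines that
        # carry sb:// and the 40301 line that carries HybridConnection. The 40300
        # line without a marker and the 7036 service-control event do not.
        print(f"HCM rule match: EventID={hit.event_id} Message={hit.message!r}")
```

Note the fourth sample line: it has a selected event ID but no marker, so it does not fire. That is the behaviour the rule's AND condition gives you, and it is also the reason an allowlist of hosts with a known Hybrid Connection requirement belongs in the SIEM layer rather than in the rule itself.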
Categories
  • Windows
  • Cloud
  • Infrastructure
Data Sources
  • Process
  • Service
  • Logon Session
Created: 2021-04-12