Detection rules › By eventMicrosoft-Windows-Security-Auditing event 51563 detection rules reference this event. View event page.Sigma (3)RDP over Reverse SSH Tunnel WFP severity high T1021.001, T1090.001, T1090.002 Remote PowerShell Sessions Network Connections (WinRM) severity high T1059.001 Uncommon Outbound Kerberos Connection - Security severity medium T1558.003