Azure Service Bus Connection String

Detects Azure Service Bus connection string patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: sb:// endpoint combined with SharedAccessKeyName and SharedAccessKey parameters is structurally unique to Azure Service Bus. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible

Pattern

Endpoint=sb://[^;]+;SharedAccessKeyName=[^;]+;SharedAccessKey=[A-Za-z0-9+/=]+

Corroborative evidence keywords

Service Bus, servicebus, Endpoint, SharedAccessKeyName, SharedAccessKey, queue, topic, namespace, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie (+45 more)

Proximity: 300 characters

Should match

• Endpoint=sb://mynamespace.servicebus.windows.net;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== — Service Bus connection string with root manage key
• Endpoint=sb://test-ns.servicebus.windows.net;SharedAccessKeyName=sendpolicy;SharedAccessKey=0000000000000000000000000000000000000000== — Service Bus send-only policy connection string
• Endpoint=sb://prod.servicebus.windows.net;SharedAccessKeyName=listen;SharedAccessKey=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkl== — Service Bus listen policy connection string

Should not match

• Endpoint=sb://mynamespace.servicebus.windows.net — Service Bus endpoint without credentials
• Endpoint=https://myapp.azurewebsites.net;SharedAccessKeyName=test — Non-Service Bus endpoint
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Service Bus documentation with placeholder connection strings. Mitigation: Check for common placeholder values and documentation context.
• Development or test namespace connection strings. Mitigation: Flag for review regardless since connection strings reveal infrastructure details.

References

• Azure Service Bus connection string entity definition - Microsoft Learn