Product
medium
advisory
RDP (Remote Desktop Protocol) from the Internet
2 rules 3 TTPs 1 CVEThis rule detects network events indicative of RDP traffic originating from the internet, which poses a significant security risk due to its frequent exploitation as an initial access or backdoor vector.
Remote Desktop Services
command-and-control
lateral-movement
initial-access
rdp
2r
3t
1c
high
advisory
Potential Remote Desktop Shadowing Activity
3 rules 3 TTPsThis rule detects potential Remote Desktop Shadowing activity by identifying modifications to the RDP Shadow registry or the execution of processes indicative of an active RDP shadowing session that allows adversaries to spy on or control other user's RDP sessions.
Windows +1
lateral-movement
rdp-shadowing
3r
3t