Product
high
advisory
Windows Remote Desktop Network Bruteforce Attempt
2 rules, 1 TTP
This detection identifies potential RDP brute-force attacks by monitoring network traffic for RDP application activity and flagging source IPs that have made more than 10 connection attempts to the same RDP port on a host within a one-hour window.
Secure Access Firewall +3
rdp
bruteforce
credential-access
windows
network
high
advisory
Outbound SMB Traffic Detection
2 rules, 1 TTP
This analytic detects outbound SMB connections from internal hosts to external servers, potentially indicating lateral movement and credential theft attempts.
Secure Firewall Threat Defense +4
network
smb
lateral-movement
privilege-escalation