Identifying malicious Remote Desktop Protocol (RDP) connections with Elastic Security
Tags
country: United States Of America
attack-pattern: Data Model Exploitation Of Remote Services - T1428 Remote Desktop Protocol - T1021.001 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Exploitation Of Remote Services - T1210 Remote Desktop Protocol - T1076 Exploitation Of Remote Services
Show in Graph
Common Information
Type Value
UUID 1ed1968f-2d89-4378-9578-cd944bc67d21
Fingerprint 843c4d59b9f1ee25
Analysis status DONE
Considered CTI value 0
Text language
Published July 28, 2023, midnight
Added to db July 28, 2023, 5 p.m.
Last updated Nov. 2, 2024, 10:48 p.m.
Headline Identifying malicious Remote Desktop Protocol (RDP) connections with Elastic Security
Title Identifying malicious Remote Desktop Protocol (RDP) connections with Elastic Security
Detected Hints/Tags/Attributes 36/2/3
Source URLs
Redirection Url
Details Source https://www.elastic.co/blog/remote-desktop-protocol-connections-elastic-security
URL Provider
Details Provider Source level domain
Details elastic.co www.elastic.co
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 305 Elastic Blog - Elasticsearch, Kibana, and ELK Stack https://www.elastic.co/blog/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 5 
logs-endpoint.events
Details Domain 75 
user.name
Details File 1 
session_info.log