# gotoresolve\_usage

**Explanation**

This NDM looks for the usage of GoToResolve, a remote support and screen-sharing tool. When any activity related to GoToResolve is detected on the network or endpoint, this event triggers and alerts security personnel.

**What to Look For**

When examining the results of this NDM event, look for any suspicious activity related to the use of GoToResolve. Check for signs of unauthorized remote access or screen-sharing activity, as these could indicate a potential security breach. Ensure that all usage of GoToResolve is authorized and properly documented in your organization.

**Related MITRE ATT\&CK Categories**

[Exfiltration: Exfiltration Over Alternative Protocol, Technique T1048 - Enterprise](https://attack.mitre.org/techniques/T1048)

[Initial Access, Persistence: External Remote Services, Technique T1133 - Enterprise](https://attack.mitre.org/techniques/T1133)