rdp_internal_external

Explanation

This NDM detects successful RDP connections that cross from the internal network to the external network. It triggers when an RDP connection is successfully established from a host inside the network to a destination outside it.

What to Look For

When examining the results of this NDM Event, look for successful RDP connections that originate from inside the network and connect to machines located outside the network. These connections may indicate a potential security breach as internal systems are being accessed from outside the network. It is recommended to investigate the source of the RDP connection and take appropriate actions to prevent unauthorized access to your network.
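
The condition this NDM describes, written out as an added example over constructed connection records (not the product's own rule logic). It assumes Zeek conn.log field names, RFC 1918 ranges as the internal network, and an established TCP session (conn_state S1 or SF) as the meaning of "successful".

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space; substitute your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: "successful" means the TCP session was established
# (Zeek conn_state S1 or SF), not merely attempted (S0) or rejected (REJ).
ESTABLISHED_STATES = {"S1", "SF"}
RDP_PORT = 3389


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_rdp(rec):
    # Prefer the analyzer's protocol label so RDP on a non-default port is
    # still seen; fall back to the default port when no label is present.
    services = (rec.get("service") or "").split(",")
    return "rdp" in services or rec.get("id.resp_p") == RDP_PORT


def rdp_internal_external(records):
    """Return established RDP sessions going from internal to external hosts."""
    return [rec for rec in records
            if is_rdp(rec)
            and rec.get("conn_state") in ESTABLISHED_STATES
            and is_internal(rec["id.orig_h"])
            and not is_internal(rec["id.resp_h"])]


def _rec(uid, src, dst, port, service, state):
    return {"uid": uid, "id.orig_h": src, "id.resp_h": dst,
            "id.resp_p": port, "service": service, "conn_state": state}


# Constructed sample records; external hosts use documentation address ranges.
SAMPLE = [
    _rec("C1", "10.1.2.15", "203.0.113.40", 3389, "rdp", "SF"),    # match
    _rec("C2", "10.1.2.15", "10.1.9.20", 3389, "rdp", "SF"),       # internal only
    _rec("C3", "10.1.2.16", "198.51.100.7", 3389, None, "S0"),     # no reply
    _rec("C4", "198.51.100.7", "10.1.2.15", 3389, "rdp", "SF"),    # inbound
    _rec("C5", "192.168.4.8", "203.0.113.9", 8443, "rdp", "S1"),   # match, odd port
    _rec("C6", "192.168.4.8", "203.0.113.9", 443, "ssl", "SF"),    # not RDP
]

if __name__ == "__main__":
    for hit in rdp_internal_external(SAMPLE):
        print(hit["uid"], hit["id.orig_h"], "->", hit["id.resp_h"], hit["id.resp_p"])
```

Records C2, C3 and C4 show the three ways a connection falls outside the rule: both ends internal, no established session, and the inbound direction.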

Related MITRE ATT&CK Categories

Remote Services, Technique T1021 - Enterprise