rdp_scanning_inside_to_outside
Explanation
The rdp_scanning_inside_to_outside NDM is designed to detect any Microsoft Remote Desktop Protocol (RDP) scanning that originates from inside a network and moves to outside the network.
What to Look For
To examine the results of the rdp_scanning_inside_to_outside Event, customers should look for any indications of RDP scanning originating from inside their network and attempting to move outside. They should investigate any anomalies or suspicious activity on their network related to RDP scanning and take appropriate remedial action.
Related MITRE ATT&CK Categories
Remote Services, Technique T1021 - Enterprise
System Owner/User Discovery, Technique T1033 - Enterprise
Brute Force, Technique T1110 - Enterprise
Updated about 1 month ago