rdp_scanning_internal

Suggest Edits

Explanation

The rdp_scanning_internal event is triggered when there are attempted RDP scans on the Microsoft network. This occurs when a large number of RDP requests are sent in a short period of time. It indicates that someone is trying to identify potential targets for a future cyber attack.

What to Look For

To examine the results of the rdp_scanning_internal event, look for any suspicious RDP activity in your network logs. It may be beneficial to investigate the source of the scanning and take appropriate action to secure your network against future attacks.

Related MITRE ATT&CK Categories

Remote Services, Technique T1021 - Enterprise
System Owner/User Discovery, Technique T1033 - Enterprise
Brute Force, Technique T1110 - Enterprise
Network Denial of Service, Technique T1498 - Enterprise
Endpoint Denial of Service, Technique T1499 - Enterprise

Updated 13 days ago