rdpbrute_external

Explanation

This event is triggered by Netography's Fusion Portal when it detects a brute force password guessing attack against Microsoft Remote Desktop Protocol (RDP). This event specifically looks for activity from the Internet toward Internet facing RDP servers on your network.

What to Look For

Brute Force Attacks on RDP servers that are open to the Internet are quite commonplace, as many attackers scan the Internet for these endpoints. Ensure that strong passwords and/or multi-factor authentication are in use to prevent successful attacks. Check network logs for additional information and review endpoint security to ensure that sensitive information is secure.

Related MITRE ATT&CK Categories

Brute Force, Technique T1110 - Enterprise

External Remote Services, Technique T1133 - Enterprise