Remote Desktop Network Bruteforce

Description

This search looks for RDP application network traffic in the Network_Traffic data model, counts it by source/destination pair, and flags any pair whose event volume exceeds the mean across all pairs by more than two standard deviations. Because the threshold is relative to the other pairs in the search window, a single heavy talker can inflate the standard deviation enough to stay under the threshold when only a few pairs are present.
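The outlier logic described above, written out as an added example so the threshold can be checked by hand. This is not the Splunk Security Essentials search itself; it runs over constructed events whose field names (src, dest, dest_port, app) follow the Network_Traffic data model, with a hypothetical brute-forcing source at 192.168.9.9, and it uses the sample standard deviation, which is what Splunk's stats stdev() computes.

```python
from collections import Counter
from statistics import mean, stdev


def _rdp(src, dest, n):
    """Build n constructed RDP events for one source/destination pair."""
    return [{"src": src, "dest": dest, "dest_port": 3389, "app": "rdp"} for _ in range(n)]


# Constructed sample events, not real traffic. Nine quiet pairs plus one
# hypothetical brute-forcing source, and a few non-RDP events that the
# filter must drop.
SAMPLE_EVENTS = (
    _rdp("10.0.0.5", "10.0.1.10", 3)
    + _rdp("10.0.0.6", "10.0.1.10", 2)
    + _rdp("10.0.0.7", "10.0.1.11", 4)
    + _rdp("10.0.0.8", "10.0.1.12", 2)
    + _rdp("10.0.0.9", "10.0.1.11", 3)
    + _rdp("10.0.0.10", "10.0.1.13", 2)
    + _rdp("10.0.0.11", "10.0.1.10", 5)
    + _rdp("10.0.0.12", "10.0.1.12", 3)
    + _rdp("10.0.0.13", "10.0.1.14", 2)
    + _rdp("192.168.9.9", "10.0.1.10", 60)  # hypothetical brute forcer
    + [{"src": "10.0.0.5", "dest": "10.0.1.10", "dest_port": 443, "app": "ssl"}] * 5
)


def is_rdp(event):
    """Match RDP either by the app field or by the default RDP port."""
    return event.get("app") == "rdp" or event.get("dest_port") == 3389


def count_rdp_pairs(events):
    """Count RDP events per (src, dest) pair, like stats count by src dest."""
    return Counter((e["src"], e["dest"]) for e in events if is_rdp(e))


def find_outlier_pairs(pair_counts, k=2.0):
    """Return (src, dest, count) for pairs above mean + k * sample stdev.

    With fewer than two pairs there is no spread to measure, so nothing
    is flagged. Results are sorted with the noisiest pair first.
    """
    counts = list(pair_counts.values())
    if len(counts) < 2:
        return []
    threshold = mean(counts) + k * stdev(counts)
    flagged = [(src, dest, n) for (src, dest), n in pair_counts.items() if n > threshold]
    return sorted(flagged, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    pairs = count_rdp_pairs(SAMPLE_EVENTS)
    for src, dest, n in find_outlier_pairs(pairs):
        print(f"RDP outlier: {src} -> {dest} ({n} events)")
```

With the ten pairs above the mean is 8.6 and the sample standard deviation about 18.1, so the threshold is roughly 44.8 and only the 60-event pair is returned. Shrink the sample to four quiet pairs and one 40-event pair and the same outlier pulls the threshold up to about 43.6, so nothing is flagged; that is the blind spot to keep in mind when the search window contains few RDP pairs.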

Use Case

Security Monitoring

Category

Malware

Alert Volume

SPL Difficulty

None

Journey

Stage 1

MITRE ATT&CK Tactics

Lateral Movement

MITRE ATT&CK Techniques

Remote Services

Remote Desktop Protocol

MITRE Threat Groups

APT1
APT3
APT39
APT41
Axiom
Blue Mockingbird
Chimera
Cobalt Group
Dragonfly 2.0
FIN10
FIN6
FIN8
Lazarus Group
Leviathan
OilRig
Patchwork
Silence
Stolen Pencil
TEMP.Veles
Wizard Spider
menuPass

Kill Chain Phases

Reconnaissance
Delivery

Data Sources

Network Communication

Help

You must ensure that your network traffic data is populating the Network_Traffic data model.
