LetsDefend Monitoring Alert
RDP Brute Force Detected
Mar, 07, 2024, 11:44 AM
Event ID: 234
Event Time: Mar, 07, 2024, 11:44 AM
Rule Name: SOC176 - RDP Brute Force Detected
Alert Type: Brute Force
MITRE Technique:
T1059 - Execution - Command and Scripting Interpreter,
T1110 - Credential Access - Brute Force,
T1087 - Discovery - Account Discovery,
T1078 - Initial Access - Valid Accounts,
T1078.002 - Initial Access - Valid Accounts: Domain Accounts,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell
Severity: Medium
Security Analyst