This playbook responds to suspicious RDP activity where the same source IP connects to multiple destinations, a common sign of lateral movement or automated brute-force attempts. The workflow includes automation, enrichment, and a mix of automated and analyst-driven responses to ensure accurate handling and escalation.
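The trigger condition described above (one source IP reaching several RDP destinations) can be expressed as a sliding-window count of distinct destinations per source. The following is an added example, not the playbook's own logic: the flow-record layout, the 300-second window, the three-destination threshold, and the name `rdp_fanout` are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

RDP_PORT = 3389

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_EVENTS = [
    (1000, "10.0.5.23", "10.0.1.10", 3389),
    (1020, "10.0.5.23", "10.0.1.11", 3389),
    (1030, "10.0.7.40", "10.0.1.10", 3389),   # single destination only
    (1045, "10.0.5.23", "10.0.1.11", 3389),   # repeat to an already-seen host
    (1060, "10.0.5.23", "10.0.1.12", 3389),   # third distinct host in 60 s
    (1070, "10.0.5.23", "10.0.1.13", 443),    # not RDP, ignored
    (1100, "10.0.9.8", "10.0.1.10", 3389),
    (2000, "10.0.9.8", "10.0.1.11", 3389),    # slow spread: outside the window
    (3000, "10.0.9.8", "10.0.1.12", 3389),
]


def rdp_fanout(events, window_s=300, min_dests=3):
    """Return {src_ip: sorted destinations} for every source that reached at
    least min_dests distinct RDP destinations within window_s seconds.
    Thresholds are assumed defaults; tune them to the environment."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still in the window
    flagged = defaultdict(set)    # src -> destinations seen while over threshold
    for ts, src, dst, dport in sorted(events):
        if dport != RDP_PORT:
            continue
        window = recent[src]
        window.append((ts, dst))
        # Drop connections that have aged out of the window.
        while ts - window[0][0] > window_s:
            window.popleft()
        dests = {d for _, d in window}
        if len(dests) >= min_dests:
            flagged[src] |= dests
    return {src: sorted(d) for src, d in flagged.items()}


if __name__ == "__main__":
    for src, dests in rdp_fanout(SAMPLE_EVENTS).items():
        print(f"ALERT {src} -> {len(dests)} RDP destinations: {', '.join(dests)}")
```

With the default window, the slow source `10.0.9.8` is not flagged, which shows why the window length matters when tuning this rule against low-and-slow activity.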