CyberRes

RDP Traffic Detected from Same Source to Multiple Destinations-Response Playbook

388552

RAH Infotech Partner

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

RAH Infotech | Partner

This playbook responds to suspicious RDP activity where the same source IP connects to multiple destinations, a common sign of lateral movement or automated brute-force attempts.
0 reviews
2 downloads

Share
 

Product compatibility

ArcSight SOAR

CATEGORY

ArcSight | ArcSight SOAR
  • Have questions about this item?

  • Contact us

Description

This playbook responds to suspicious RDP activity where the same source IP connects to multiple destinations, a common sign of lateral movement or automated brute-force attempts. The workflow includes automation, enrichment, and a mix of automated and analyst-driven responses to ensure accurate handling and escalation.

Releases

Release
Size
Date
RDP Traffic Detected from Same Source to Multiple Destinations-Response Playbook 1.0
92.5 KB
  |  
Mar 29, 2025
More info Less info

Reviews

0
Write a review

Write a review


RDP Traffic Detected from Same Source to Multiple Destinations-Response Playbook

RAH Infotech | Partner




Optional


Optional - 120 characters remaining


Cancel

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.
Unsubscribe Cancel

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the OpenText Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Accept Cancel
Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2025-5-2-6390 | Thu May 15 15:06:37 PDT 2025