This hunting query looks for unusual remote desktop activity by monitoring TCP/3389 traffic. While RDP is common, focus on atypical connections to identify potential threats.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Network Session Essentials |
| ID | 6fd69768-fdf1-4cfd-805f-b243be3f0c6d |
| Tactics | LateralMovement |
| Techniques | T1021, T1021.001 |
| Source | View on GitHub |