Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Adversaries may use valid accounts to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user. FIN10, for example, has used RDP to move laterally to systems in the victim environment.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | UEBA Essentials |
| ID | c01d95d3-ee85-4e7f-9aed-e62356f1de76 |
| Tactics | LateralMovement |
| Techniques | T1021 |
| Required Connectors | BehaviorAnalytics |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
BehaviorAnalytics |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊