MS.RDP.Connection.Brute.Force
Description
This indicates detection of an attempted brute force attack on Microsoft Remote Desktop Protocol (RDP).
The attack consists of multiple RDP requests intended to conduct a brute force RDP login, launched at a rate of about 2000 times in 10 seconds.
Affected Products
Microsoft Remote Desktop Protocol
Impact
Impact of a successful attack could vary, with the worse case being a system compromise.
Recommended Actions
Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-04-03 | 14.585 | Sig Added |