Managed Sentinel – Alert 169
| Alert ID | MS-A169 |
| Alert Name | Suspicious RDP connections |
| Description | This alert identifies execution of the RDP client from a parent process other than explorer.exe. This may indicate a malicious process attempting connections to remote servers. |
| Severity Level | Medium |
| Threat Indicator | |
| MITRE ATT&CK Tactics | LateralMovement, DefenseEvasion |
| Log sources | SecurityEvent |
| False Positives | |
| Recommendations | |
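
The parent-process check from the description, run over process-creation records, as an added example (not Managed Sentinel's own rule logic). It assumes the RDP client is the built-in `mstsc.exe`, that the records are `SecurityEvent` rows with EventID 4688, and uses constructed sample data; records with no parent name are reported separately instead of being alerted on.

```python
from ntpath import basename  # Windows path parsing, works on any OS

RDP_CLIENT = "mstsc.exe"          # assumption: built-in Windows RDP client
EXPECTED_PARENT = "explorer.exe"  # the only parent the alert treats as normal

# Constructed sample records using SecurityEvent column names.
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "WS01", "Account": r"CORP\alice",
     "NewProcessName": r"C:\Windows\System32\mstsc.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe"},
    {"EventID": 4688, "Computer": "WS02", "Account": r"CORP\bob",
     "NewProcessName": r"C:\Windows\System32\MSTSC.EXE",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "Computer": "SRV03", "Account": r"CORP\svc",
     "NewProcessName": r"C:\Windows\System32\mstsc.exe",
     "ParentProcessName": ""},
    {"EventID": 4688, "Computer": "WS01", "Account": r"CORP\alice",
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe"},
]

def classify(event):
    """Return 'alert', 'unknown_parent' or None for one record."""
    if event.get("EventID") != 4688:  # process creation only
        return None
    # Windows file names are case-insensitive, so compare lowercased base names.
    if basename(event.get("NewProcessName") or "").lower() != RDP_CLIENT:
        return None
    parent = basename(event.get("ParentProcessName") or "").lower()
    if not parent:
        # Older Windows versions log only the creator process ID in 4688,
        # so an empty parent name means "cannot tell", not "suspicious".
        return "unknown_parent"
    return None if parent == EXPECTED_PARENT else "alert"

def triage(events):
    """Group matching records by verdict as (Computer, Account, parent path)."""
    out = {"alert": [], "unknown_parent": []}
    for e in events:
        verdict = classify(e)
        if verdict:
            out[verdict].append(
                (e["Computer"], e["Account"], e.get("ParentProcessName", "")))
    return out

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE_EVENTS).items():
        for hit in hits:
            print(verdict, *hit)
```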
