Managed Sentinel – Alert 169

Alert ID: MS-A169
Alert Name: Suspicious RDP connections
Description: This alert identifies execution of the RDP client from parent processes other than explorer.exe. This may indicate a malicious process attempting connections to remote servers.
Severity Level: Medium
Threat Indicator:
MITRE ATT&CK Tactics: LateralMovement, DefenseEvasion
Log sources: SecurityEvent
False Positives:
Recommendations: