Forum Discussion
deepak198486
Sep 30, 2021 · Copper Contributor
How to monitor failed RDP login activity for authorized user and wrong password
How to monitor failed RDP login activity for authorized user and wrong password, as Event Id 4625 is not generated for this condition. Event Id 4625 is generated for RDP activity for user not ex...
m_zorich
Oct 01, 2021 · Iron Contributor
deepak198486, you should definitely be seeing event ID 4625 generated on the machine you are trying to RDP to. I just tested it and can see a failed logon showing in Sentinel. You should also get an event ID 4771 on a domain controller. Are you definitely ingesting all the events into Sentinel?
deepak198486
Oct 04, 2021 · Copper Contributor
Yes, we are. I even tested on my machine. The event ID 4625 is not logged when an authorized user with the wrong password tries to RDP.
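
A Sentinel query for the two event IDs named in the thread (4625 on the RDP target, 4771 on a domain controller), as an added example that is not part of any post above. It assumes the Windows Security events are ingested into the `SecurityEvent` table; the 24-hour window and the output column names are choices made here.

```kql
// Added example: failed logons caused by a valid account with a wrong password.
// Assumption: Windows Security events are collected into SecurityEvent.
let lookback = 24h;   // assumed time window, adjust as needed
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID in (4625, 4771)
// 4625 SubStatus 0xC000006A = user name is correct, password is wrong.
// 4771 Status 0x18 = Kerberos pre-authentication failed (bad password).
| where (EventID == 4625 and SubStatus =~ "0xc000006a")
     or (EventID == 4771 and Status =~ "0x18")
// With Network Level Authentication the failed RDP logon is recorded as
// LogonType 3 (Network), not 10 (RemoteInteractive), so keep both.
// 4771 carries no LogonType, so it is passed through unfiltered.
| where EventID == 4771 or LogonType in (3, 10)
| summarize Failures  = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            EventIDs  = make_set(EventID),
            Hosts     = make_set(Computer)
    by TargetUserName, IpAddress
| order by Failures desc
```

If the query returns 4771 rows but no 4625 rows for the same account, check whether the RDP target itself is forwarding its Security log, since 4625 is written on the target and 4771 on the domain controller.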