Sentinel RDP sessions

Occasional Contributor

Hello,

I was wondering if there was a query to identify devices (laptops/desktops) that RDP from their device into servers.

Thanks in advance!!

1 Reply

Hello @idontknowanything,

You need to stream logs from servers or from workstations to detect RDP sessions.
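
As an added example (not part of the original thread), here is a KQL query that covers both log sources the reply mentions. It assumes Windows Security events from the servers land in `SecurityEvent` and that Defender for Endpoint data from the workstations lands in `DeviceNetworkEvents`; if only one of those tables exists in the workspace, keep only the matching half.

```kql
// Added example, not from the original thread.
// Assumption: servers send Windows Security events to SecurityEvent and
// workstations send Defender for Endpoint data to DeviceNetworkEvents.
let lookback = 7d;
// Server-side view: successful RDP logons recorded on the target server.
// Event 4624 with logon type 10 is a RemoteInteractive (RDP) logon.
let ServerSide =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624 and LogonType == 10
    | where isnotempty(IpAddress) and IpAddress !in ("-", "127.0.0.1", "::1")
    | summarize Sessions = count(),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
        by Source = IpAddress, Target = Computer, Account
    | extend View = "server: SecurityEvent 4624";
// Workstation-side view: outbound connections to TCP 3389 made by the client.
// Only the default RDP port is matched; a non-default port needs its own filter.
let ClientSide =
    DeviceNetworkEvents
    | where TimeGenerated > ago(lookback)
    | where ActionType == "ConnectionSuccess" and RemotePort == 3389
    | summarize Sessions = count(),
                FirstSeen = min(TimeGenerated),
                LastSeen = max(TimeGenerated)
        by Source = DeviceName, Target = RemoteIP,
           Account = InitiatingProcessAccountName
    | extend View = "client: DeviceNetworkEvents";
union ServerSide, ClientSide
| project View, Source, Target, Account, Sessions, FirstSeen, LastSeen
| order by LastSeen desc
```

The server-side rows identify the source by IP address and the client-side rows by device name, so correlating the two views requires mapping IP addresses to devices for the same time window.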