IT alert: Notify SOC analysts of admin RDP connections
Admin RDP logins get lost among noisy alerts and triage is delayed. Capture the user, source IP and timestamp of each one so SOC analysts have actionable details within minutes and can start triage.
Overview
Missed admin RDP sessions create blind spots that delay incident response and let an intrusion escalate. Route the parsed user, source IP and timestamp into SOC channels and PagerDuty so analysts receive actionable context within minutes and can start triage immediately.
Notable Features
- Extract user, source IP, timestamp
- Filter for local administrators group
- Notify SOC analysts via Slack and email
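The three features above are one pipeline: parse the RDP logon, keep only local administrators, build the notification. The block below is an added example of that pipeline, not the product's own code. It assumes Windows Security events exported one JSON object per line, that an RDP session start is event 4624 with LogonType 10 (RemoteInteractive), and that the local Administrators membership is available as a DOMAIN\user set obtained out of band; the sample events and the admin set are constructed. It builds the Slack text and a PagerDuty Events API v2 payload but does not send anything, and it suppresses repeat alerts for the same user, source and host within ten minutes so a reconnecting client does not page the SOC repeatedly.

```python
"""Admin RDP logon alerting (added example, not the product's own code).

Parse Windows Security 4624 events, keep RemoteInteractive (RDP) logons by
members of the local Administrators group, dedupe, and build notifications.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import json

# Windows Security log: 4624 = successful logon; LogonType 10 = RemoteInteractive
# (RDP). LogonType 7 is a workstation unlock, not a new RDP session, so it is
# dropped; 4625 (failed logon) never produces an alert here.
RDP_LOGON_EVENT_ID = 4624
RDP_LOGON_TYPE = "10"

# Assumption: local Administrators membership as DOMAIN\user, gathered out of band
# (e.g. a periodic inventory job). Constructed for this example.
LOCAL_ADMINS = {r"CORP\jdoe", r"WS01\Administrator"}

# Constructed sample export: one JSON event per line.
SAMPLE_EVENT_LINES = [
    '{"EventID": 4624, "LogonType": "10", "TargetDomainName": "CORP", "TargetUserName": "jdoe", "IpAddress": "10.0.0.5", "Computer": "WS01", "TimeCreated": "2024-05-01T08:00:00Z"}',
    '{"EventID": 4624, "LogonType": "10", "TargetDomainName": "CORP", "TargetUserName": "asmith", "IpAddress": "10.0.0.9", "Computer": "WS01", "TimeCreated": "2024-05-01T08:01:00Z"}',
    '{"EventID": 4624, "LogonType": "7", "TargetDomainName": "CORP", "TargetUserName": "jdoe", "IpAddress": "10.0.0.5", "Computer": "WS01", "TimeCreated": "2024-05-01T08:02:00Z"}',
    '{"EventID": 4625, "LogonType": "10", "TargetDomainName": "CORP", "TargetUserName": "jdoe", "IpAddress": "198.51.100.7", "Computer": "WS01", "TimeCreated": "2024-05-01T08:02:30Z"}',
    '{"EventID": 4624, "LogonType": "10", "TargetDomainName": "CORP", "TargetUserName": "jdoe", "IpAddress": "10.0.0.5", "Computer": "WS01", "TimeCreated": "2024-05-01T08:03:00Z"}',
    '{"EventID": 4624, "LogonType": "10", "TargetDomainName": "WS01", "TargetUserName": "Administrator", "IpAddress": "192.0.2.10", "Computer": "WS01", "TimeCreated": "2024-05-01T08:30:00Z"}',
]


@dataclass(frozen=True)
class AdminRdpLogon:
    user: str
    source_ip: str
    timestamp: datetime
    host: str


def parse_admin_rdp_logons(lines, admins=LOCAL_ADMINS):
    """Return one AdminRdpLogon per 4624/LogonType 10 event whose target account
    is a local administrator; every other event is dropped as noise."""
    found = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if int(ev.get("EventID", 0)) != RDP_LOGON_EVENT_ID:
            continue
        if str(ev.get("LogonType")) != RDP_LOGON_TYPE:
            continue
        user = f'{ev["TargetDomainName"]}\\{ev["TargetUserName"]}'
        if user not in admins:
            continue
        # IpAddress is "-" or a loopback address for non-network logons.
        ip = ev.get("IpAddress") or "-"
        ts = datetime.fromisoformat(ev["TimeCreated"].replace("Z", "+00:00"))
        found.append(AdminRdpLogon(user=user, source_ip=ip, timestamp=ts, host=ev["Computer"]))
    return found


def dedupe(logons, window=timedelta(minutes=10)):
    """Keep the first logon per (user, source IP, host) inside each window."""
    last_seen = {}
    kept = []
    for lg in sorted(logons, key=lambda x: x.timestamp):
        key = (lg.user, lg.source_ip, lg.host)
        prev = last_seen.get(key)
        if prev is None or lg.timestamp - prev >= window:
            kept.append(lg)
            last_seen[key] = lg.timestamp
    return kept


def slack_message(lg):
    """Slack text for the SOC channel (sending is out of scope here)."""
    return (f":rotating_light: Admin RDP logon: *{lg.user}* on *{lg.host}* "
            f"from `{lg.source_ip}` at {lg.timestamp.isoformat()}")


def pagerduty_event(lg, routing_key="<ROUTING_KEY>"):
    """PagerDuty Events API v2 trigger payload; routing_key is a placeholder."""
    return {
        "routing_key": routing_key,
        "event_action": "trigger",
        "dedup_key": f"admin-rdp:{lg.host}:{lg.user}:{lg.source_ip}",
        "payload": {
            "summary": f"Admin RDP logon by {lg.user} on {lg.host} from {lg.source_ip}",
            "source": lg.host,
            "severity": "warning",
            "timestamp": lg.timestamp.isoformat(),
            "custom_details": {"user": lg.user, "source_ip": lg.source_ip},
        },
    }


if __name__ == "__main__":
    for alert in dedupe(parse_admin_rdp_logons(SAMPLE_EVENT_LINES)):
        print(slack_message(alert))
        print(json.dumps(pagerduty_event(alert), indent=2))
```

Of the six constructed events, only the two jdoe logons and the Administrator logon survive the 4624/LogonType 10/admin filter, and the ten-minute window collapses the jdoe reconnect into the first alert, so the SOC sees two notifications rather than six events. The PagerDuty dedup_key mirrors the same (host, user, source) tuple so PagerDuty's own grouping agrees with the local suppression.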