We would like the SolarWinds Security Event Manager to add two new connectors to be able to monitor two additional specific logs on Windows machines. These are standard Windows evtx logs, and the names and paths of these logs are as follows:
Names:
Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
Paths:
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx
These logs contain specific information related to Remote Desktop connections to Windows Systems (information that is NOT included in the standard Windows logs and Terminal Service logs), including source IP addresses, and this info could be very useful in trying to get alerts related to malicious Remote connection attempts.
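
Until a connector exists, the two channels named above can be checked and read directly on a host. The PowerShell below is an added example, not part of the original request and not SolarWinds code. It assumes it is run locally with rights to read the channels; the 24-hour window, the top-20 cut-off and the IPv4-only pattern are choices made for this example.

```powershell
# Channel names exactly as listed in the request above.
$channels = @(
    'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational',
    'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin'
)

# Step 1: confirm each channel exists and is enabled before relying on it.
$status = foreach ($name in $channels) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Warning "Channel not found on this host: $name"
        continue
    }
    [pscustomobject]@{
        Channel  = $log.LogName
        Enabled  = $log.IsEnabled
        Records  = $log.RecordCount
        FilePath = $log.LogFilePath
    }
}
$status | Format-Table -AutoSize

# Step 2: tally the IPv4 addresses that appear in recent Operational events.
# Assumption: the address is present in the rendered message text; no
# specific event ID is assumed, so every event in the window is scanned.
$since = (Get-Date).AddHours(-24)
$ipv4  = '\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b'

Get-WinEvent -FilterHashtable @{ LogName = $channels[0]; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        if (-not $_.Message) { return }   # skip events with no rendered message
        foreach ($m in [regex]::Matches($_.Message, $ipv4)) {
            [pscustomobject]@{ EventId = $_.Id; Address = $m.Value }
        }
    } |
    Group-Object Address, EventId |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize
```

Addresses that recur across many events in a short window are the ones worth comparing against expected administrative sources.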