Open for Voting

Connectors for RemoteDesktopServices-RDPCoreTS logs.

We would like the SolarWinds Security Event Manager to add two new connectors to be able to monitor two additional specific logs on Windows machines. These are standard Windows evtx logs, and the names and paths of these logs are as follows:

Names:

Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

Paths:

%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx

%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx

These logs contain specific information related to Remote Desktop connections to Windows Systems (information that is NOT included in the standard Windows logs and Terminal Service logs), including source IP addresses, and this info could be very useful in trying to get alerts related to malicious Remote connection attempts.
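Until such a connector exists, the source addresses in the Operational log named above can be summarized directly, as in this added example (not part of the original request and not SolarWinds code). The function names are hypothetical, the sample events are constructed, and the event ID 131 and `ClientIP` field in the sample are assumptions; the parser scans every `Data` value and does not depend on them.

```powershell
# Log name taken from the request above.
$LogName = 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'

function ConvertTo-IPString([string]$Value) {
    # Accepts "a.b.c.d", "a.b.c.d:port", "[v6]:port" or a bare IPv6 literal.
    $candidate = $Value.Trim()
    if ($candidate -match '^\[(?<ip>[^\]]+)\](:\d+)?$' -or
        $candidate -match '^(?<ip>\d{1,3}(\.\d{1,3}){3})(:\d+)?$') {
        $candidate = $Matches['ip']
    } elseif ($candidate -notmatch ':') {
        return $null   # plain numbers would otherwise parse as addresses
    }
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($candidate, [ref]$ip)) { $ip.ToString() }
}

function Get-RdpSourceAddress {
    # Input: event XML strings, e.g. from EventLogRecord.ToXml().
    # Output: one object per EventData value that parses as an IP address.
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    process {
        $evt  = ([xml]$EventXml).Event
        $data = $evt['EventData']
        if (-not $data) { return }          # event carries no EventData
        foreach ($d in $data.GetElementsByTagName('Data')) {
            $addr = ConvertTo-IPString $d.InnerText
            if ($addr) {
                [pscustomobject]@{
                    TimeCreated = $evt['System']['TimeCreated'].GetAttribute('SystemTime')
                    EventId     = $evt['System']['EventID'].InnerText
                    Field       = $d.GetAttribute('Name')
                    Address     = $addr
                }
            }
        }
    }
}

# Constructed sample events (event ID and field names are assumptions).
$tpl = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>{0}</EventID><TimeCreated SystemTime="{1}"/></System><EventData><Data Name="ConnType">TCP</Data><Data Name="ClientIP">{2}</Data></EventData></Event>'
$sample = @(
    $tpl -f 131, '2024-05-01T10:00:00Z', '203.0.113.7:51234'
    $tpl -f 131, '2024-05-01T10:00:04Z', '203.0.113.7:51240'
    $tpl -f 131, '2024-05-01T10:02:11Z', '[2001:db8::25]:49822'
)
$sample | Get-RdpSourceAddress | Group-Object Address | Sort-Object Count -Descending | Select-Object Count, Name

# Live use on a Windows host:
# Get-WinEvent -LogName $LogName -MaxEvents 500 | ForEach-Object { $_.ToXml() } | Get-RdpSourceAddress
```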