Failed Windows Remote Desktop Connection Attempt

The following Splunk query example will return results on any Windows Remote Desktop connection attempts. A failed attempt could be the result of a bad password, an invalid user name, or any number of other reasons.

Ensure the Splunk App for Windows is installed. Grab it here: https://apps.splunk.com/app/742/

 

Windows Server 2008 and Newer:

Windows Server 2003 and Older: