Failed Windows Remote Desktop Connection Attempt

The following splunk query example will return results on any Windows remote desktop connection attempts. This could be a result of a bad password, invalid user name, or any number of other reasons. Ensure the Splunk App for Windows is installed grab it here: https://apps.splunk.com/app/742/   Windows Server 2008 and Newer:

Windows Server 2003 and […]

Continue Reading →

Failed Attempt to Initiate Remote Desktop Session

This splunk query will return any failed attempts initiated by users to launch an RDP (remote desktop) session in a Windows environment. Ensure the Splunk App for Windows is installed grab it here: https://apps.splunk.com/app/742/ Windows Server 2008 and Newer:

Windows Server 2003 and Older:

Continue Reading →