Hi Chaps,

I set up an alert to notify me via email whenever an RDP event log is created. This alert is working, though what I am figuring out now is how to include the exact Source IP of that RDP session. What's included in the alert is the "Network Address" of that endpoint, e.g. I RDP in to 10.1xx.10.40, and it only shows the Network address in the alert, which is 10.1xx.10.1.

Here's the actual email alert:

_________________________________________________________

This alert is about your Log Insight installation on https://x.x.x.x/

Log Insight found the following 1 event matching the criteria for alert "A successful Windows RDP login was detected":

Remote Desktop Services: User authentication succeeded:
User: user1
Domain: domain1
Source Network Address: 10.1xx.10.1

Note: To avoid raising duplicate alerts, this alert will now be snoozed for the next 5 minutes (the search period for this alert).

_________________________________________________________

I have been searching online and going through the VRLI GUI one section at a time (including the User alert settings), though I can't seem to find where to configure this.

Any assistance will be greatly appreciated! Thanks mates!

Sincerely,
Eugene