https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/535554#M3918 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203132">@NivedaR</a>,</P> <P>&nbsp;</P> <P>Thank you for reaching out on LIVEcommunity!</P> <P>&nbsp;</P> <P>I've read your question and i'm afraid i'm not entirely sure what you're asking.&nbsp; Can you please be more specific and possibly explain the use case so I can understand your goal a little better.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Thank you so much!</P> Thu, 23 Mar 2023 14:08:04 GMT anlynch 2023-03-23T14:08:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/535513#M3916 <P>Hello ,&nbsp;</P> <P>&nbsp;</P> <P>Is it possible to do user validity via VPN/RDP through Cortex XDR.</P> <P>Or to detect user validity.</P> Thu, 23 Mar 2023 06:44:34 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/535513#M3916 NivedaR 2023-03-23T06:44:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/535554#M3918 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203132">@NivedaR</a>,</P> <P>&nbsp;</P> <P>Thank you for reaching out on LIVEcommunity!</P> <P>&nbsp;</P> <P>I've read your question and i'm afraid i'm not entirely sure what you're asking.&nbsp; Can you please be more specific and possibly explain the use case so I can understand your goal a little better.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>Thank you so much!</P> Thu, 23 Mar 2023 14:08:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/535554#M3918 anlynch 2023-03-23T14:08:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/536131#M3926 <P>Hello ,&nbsp;</P> <P>&nbsp;</P> <P>The use case is that few machines are isolated from the internet , and to connect with those machines one needs to connect via RDP so to login you have to use VPN to connect to the machine via RDP . so we need to keep record/identify permissions for those users.</P> Fri, 24 Mar 2023 10:20:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/536131#M3926 NivedaR 2023-03-24T10:20:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/536370#M3935 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/203132">@NivedaR</a>,</P> <P>&nbsp;</P> <P>I think I understand now.&nbsp; In your environment you're using a VPN to connect to a network.&nbsp; Once authenticated to the network via VPN then an RDP session is created to reach the machines that are not connected to the internet.</P> <P>&nbsp;</P> <P>Cortex XDR has the ability for you to ingest logs from your VPN client as well as your RDP session (ensure logging is turned on for RDP).&nbsp; I'll walk through the steps at a high level as this is a multi-step process.</P> <P>&nbsp;</P> <P>1. <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-CSV-Files-as-Datasets" target="_self">Ingesting</A> the appropriate logs into Cortex XDR (VPN &amp; RDP)</P> <P>2. <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Create-Parsing-Rules" target="_self">Parsing</A> those logs</P> <P>3. Creating <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Working-with-Correlation-Rules" target="_self">correlation rules</A> to create alerts from the logs in step 1</P> <P>&nbsp;</P> <P>I'm aware this can be an extensive process especially if it's never been done before.&nbsp; I've included some resources above that I think will help you along your way.&nbsp; I'm also including a <A href="https://live.paloaltonetworks.com/t5/cortex-xdr-webinars/cortex-xdr-customer-success-webinar-third-party-logs-ingestion/ta-p/518548" target="_self">link to a webinar</A> done recently titled "Cortex XDR Customer Success Webinar: Third-Party Logs Ingestion, Parsing, and Custom Correlation". This webinar has some demonstrations to help you through the process as well.</P> <P>&nbsp;</P> <P>I hope I was able to provide with some helpful information.&nbsp; Feel free to respond here if you have any other questions.</P> <P>&nbsp;</P> <P>Have a great day!</P> Fri, 24 Mar 2023 17:52:10 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/user-validity-via-vpn-rdp/m-p/536370#M3935 anlynch 2023-03-24T17:52:10Z