03-23-2023 07:08 AM
Thank you for reaching out on LIVEcommunity!
I've read your question and I'm afraid I'm not entirely sure what you're asking. Can you please be more specific and possibly explain the use case so I can understand your goal a little better?
Thank you so much!
03-24-2023 03:20 AM
The use case is that a few machines are isolated from the internet, and to connect to those machines one needs to connect via RDP, so to log in you have to use a VPN to connect to the machine via RDP. So we need to keep a record of/identify permissions for those users.
03-24-2023 10:52 AM
I think I understand now. In your environment you're using a VPN to connect to a network. Once authenticated to the network via VPN then an RDP session is created to reach the machines that are not connected to the internet.
Cortex XDR has the ability for you to ingest logs from your VPN client as well as your RDP session (ensure logging is turned on for RDP). I'll walk through the steps at a high level as this is a multi-step process.
1. Ingesting the appropriate logs into Cortex XDR (VPN & RDP)
2. Parsing those logs
3. Creating correlation rules to create alerts from the logs in step 1
I'm aware this can be an extensive process, especially if it's never been done before. I've included some resources above that I think will help you along your way. I'm also including a link to a webinar done recently titled "Cortex XDR Customer Success Webinar: Third-Party Logs Ingestion, Parsing, and Custom Correlation". This webinar has some demonstrations to help you through the process as well.
I hope I was able to provide you with some helpful information. Feel free to respond here if you have any other questions.
Have a great day!
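As an added illustration of step 3 above (not part of the original reply, and not Cortex XDR code), the correlation below joins VPN connect/disconnect events with Windows RDP logons (Security Event ID 4624, LogonType 10) to record which user reached which isolated host from which VPN-assigned address. The VPN log format and all sample lines are constructed for the example; in Cortex XDR the same join would be expressed against the parsed datasets.

```python
"""Correlate VPN sessions with RDP logons to record who reached which isolated host.
Added example: VPN log layout below is hypothetical; 4624 field names are the real ones."""
from datetime import datetime
import re

# Constructed VPN client log (hypothetical format, not any vendor's real output).
VPN_LOG = """\
2023-03-24T08:00:05Z vpn-gw user=alice event=connect src_ip=203.0.113.7 assigned_ip=10.10.0.21
2023-03-24T08:02:11Z vpn-gw user=bob event=connect src_ip=198.51.100.9 assigned_ip=10.10.0.22
2023-03-24T09:15:00Z vpn-gw user=alice event=disconnect assigned_ip=10.10.0.21
"""

# Constructed Windows Security events from the isolated hosts, flattened to one line each.
RDP_LOG = """\
2023-03-24T08:03:40Z host=ISO-SRV-01 EventID=4624 TargetUserName=alice LogonType=10 IpAddress=10.10.0.21
2023-03-24T08:10:02Z host=ISO-SRV-02 EventID=4624 TargetUserName=svc_backup LogonType=5 IpAddress=-
2023-03-24T08:12:30Z host=ISO-SRV-02 EventID=4624 TargetUserName=bob LogonType=10 IpAddress=10.10.0.99
2023-03-24T09:30:00Z host=ISO-SRV-01 EventID=4624 TargetUserName=alice LogonType=10 IpAddress=10.10.0.21
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Split '<timestamp> key=value ...' into a dict with a parsed 'ts' field."""
    ts, rest = line.split(" ", 1)
    fields = dict(KV.findall(rest))
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields

def vpn_sessions(text):
    """Map assigned VPN IP -> {user, start, end}; a session still open has end=None."""
    sessions = {}
    for f in map(parse, text.splitlines()):
        if f.get("event") == "connect":
            sessions[f["assigned_ip"]] = {"user": f["user"], "start": f["ts"], "end": None}
        elif f.get("event") == "disconnect" and f.get("assigned_ip") in sessions:
            sessions[f["assigned_ip"]]["end"] = f["ts"]
    return sessions

def correlate(vpn_text, rdp_text):
    """Return (matched, unmatched) RDP logons as (user, host, src_ip, time) tuples.
    A logon matches when its source IP belongs to a VPN session of the same user that
    was active at that time; anything else is worth an analyst's look."""
    sessions = vpn_sessions(vpn_text)
    matched, unmatched = [], []
    for f in map(parse, rdp_text.splitlines()):
        if f.get("EventID") != "4624" or f.get("LogonType") != "10":
            continue  # keep only RemoteInteractive (RDP) logons
        s = sessions.get(f["IpAddress"])
        ok = (s is not None and s["user"] == f["TargetUserName"]
              and s["start"] <= f["ts"] and (s["end"] is None or f["ts"] <= s["end"]))
        record = (f["TargetUserName"], f["host"], f["IpAddress"], f["ts"].isoformat())
        (matched if ok else unmatched).append(record)
    return matched, unmatched
```

Running `correlate(VPN_LOG, RDP_LOG)` on the sample data records alice's 08:03 logon as matched, while bob's logon from an address no VPN session owns and alice's logon after her VPN disconnect land in the unmatched list.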