User validity via VPN/RDP.


L2 Linker

Hello,


Is it possible to do user validity via VPN/RDP through Cortex XDR?

Or to detect user validity?


L4 Transporter

Hi @NivedaR,


Thank you for reaching out on LIVEcommunity!


I've read your question and I'm afraid I'm not entirely sure what you're asking. Can you please be more specific and possibly explain the use case so I can understand your goal a little better?


Thank you so much!

Hello,


The use case is that a few machines are isolated from the internet, and to connect with those machines one needs to connect via RDP, so to log in you have to use VPN to connect to the machine via RDP. So we need to keep record/identify permissions for those users.

Hi @NivedaR,


I think I understand now. In your environment you're using a VPN to connect to a network. Once authenticated to the network via VPN, an RDP session is created to reach the machines that are not connected to the internet.


Cortex XDR has the ability for you to ingest logs from your VPN client as well as your RDP session (ensure logging is turned on for RDP).  I'll walk through the steps at a high level as this is a multi-step process.


1. Ingesting the appropriate logs into Cortex XDR (VPN & RDP)

2. Parsing those logs

3. Creating correlation rules to create alerts from the logs in step 1


I'm aware this can be an extensive process especially if it's never been done before.  I've included some resources above that I think will help you along your way.  I'm also including a link to a webinar done recently titled "Cortex XDR Customer Success Webinar: Third-Party Logs Ingestion, Parsing, and Custom Correlation". This webinar has some demonstrations to help you through the process as well.


I hope I was able to provide you with some helpful information. Feel free to respond here if you have any other questions.


Have a great day!
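
The correlation described in step 3 of the reply above, worked through offline in Python as an added example; it is not part of the original post and is not Cortex XDR rule syntax. The log field names and sample records are constructed assumptions; the only real-world constant is Windows Security event 4624 with LogonType 10 (RemoteInteractive), which marks an RDP logon.

```python
from datetime import datetime

# Constructed sample data (not real logs); field names are assumptions.
VPN_SESSIONS = [
    {"user": "alice", "assigned_ip": "10.8.0.11",
     "start": "2024-05-01T08:00:00", "end": "2024-05-01T12:00:00"},
    {"user": "bob", "assigned_ip": "10.8.0.12",
     "start": "2024-05-01T09:00:00", "end": "2024-05-01T10:00:00"},
]
RDP_LOGONS = [
    {"event_id": 4624, "logon_type": 10, "account": "alice",
     "source_ip": "10.8.0.11", "host": "ISO-SRV01", "time": "2024-05-01T08:15:00"},
    {"event_id": 4624, "logon_type": 10, "account": "svc_admin",
     "source_ip": "10.8.0.12", "host": "ISO-SRV02", "time": "2024-05-01T09:30:00"},
    {"event_id": 4624, "logon_type": 10, "account": "bob",
     "source_ip": "10.8.0.12", "host": "ISO-SRV01", "time": "2024-05-01T11:00:00"},
    {"event_id": 4624, "logon_type": 3, "account": "alice",  # network logon, not RDP
     "source_ip": "10.8.0.11", "host": "ISO-SRV01", "time": "2024-05-01T08:16:00"},
]

def _ts(value):
    return datetime.fromisoformat(value)

def find_vpn_session(sessions, source_ip, when):
    """Return the VPN session that owned source_ip at time `when`, or None."""
    for s in sessions:
        if s["assigned_ip"] == source_ip and _ts(s["start"]) <= when <= _ts(s["end"]):
            return s
    return None

def correlate(sessions, logons):
    """Build one audit record per RDP logon, tied to the VPN user behind it."""
    records = []
    for ev in logons:
        if ev["event_id"] != 4624 or ev["logon_type"] != 10:
            continue  # keep only successful RemoteInteractive (RDP) logons
        session = find_vpn_session(sessions, ev["source_ip"], _ts(ev["time"]))
        if session is None:
            status = "no_vpn_session"      # RDP from an IP with no active VPN session
        elif session["user"].lower() != ev["account"].lower():
            status = "account_mismatch"    # VPN identity differs from RDP account
        else:
            status = "ok"
        records.append({"time": ev["time"], "host": ev["host"],
                        "rdp_account": ev["account"],
                        "vpn_user": session["user"] if session else None,
                        "status": status})
    return records

if __name__ == "__main__":
    for row in correlate(VPN_SESSIONS, RDP_LOGONS):
        print(row)
```

The `ok` rows form the access record the question asks for; the other two statuses are the conditions worth alerting on.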
