Hi @NivedaR,
I think I understand now. In your environment you're using a VPN to connect to a network. Once authenticated to the network via VPN, an RDP session is created to reach the machines that are not connected to the internet.
Cortex XDR has the ability for you to ingest logs from your VPN client as well as your RDP session (ensure logging is turned on for RDP). I'll walk through the steps at a high level as this is a multi-step process.
1. Ingesting the appropriate logs into Cortex XDR (VPN & RDP)
2. Parsing those logs
3. Creating correlation rules to create alerts from the logs in step 1
I'm aware this can be an extensive process, especially if it's never been done before. I've included some resources above that I think will help you along your way. I'm also including a link to a webinar done recently titled "Cortex XDR Customer Success Webinar: Third-Party Logs Ingestion, Parsing, and Custom Correlation". This webinar has some demonstrations to help you through the process as well.
I hope I was able to provide you with some helpful information. Feel free to respond here if you have any other questions.
Have a great day!