3.2.3.4.4.2. RDP Connections

The RDP (Remote Desktop Protocol) Connection dashboard display various metrics and insights related to the prevention of lateral movement via RDP and prevention of unauthorized remote access.

The view displays the following dashboards:

../../../../../_images/rdp_connections.png

  • Total RDP connections: Metric showing the total number of RDP connections.

  • Total RDP clients: Metric showing the total unique clients on RDP connections.

  • Total RDP servers: Metric showing the total unique servers on RDP connections.

  • Total RDP connections time evolution: Histogram showing the time evolution of the RDP connections.

  • Security protocol chosen by RDP servers: Tree map showing the distribution of the security protocol chosen by the RDP server: Standard RDP, TLS, CredSSP, RDSTLS, CredSSP + Early User Authorization Result PDU, or RDS-AAD-Auth.

  • Types of RDP clients: Tree map showing the distribution of the different types of RDP clients.

  • Total RDP clients time evolution: Histogram showing the time evolution of the total unique RDP clients.

../../../../../_images/rdp_connections2.png

  • Top RDP 10 clients: Bar chart showing the top 10 RDP clients by the total number of RDP connections. Each bar indicates the RDP connections for a specific client IP address and is segmented by by the security protocol used: Standard RDP, TLS, CredSSP, RDSTLS, CredSSP + Early User Authorization Result PDU, or RDS-AAD-Auth.

  • Top 10 RDP servers: Bar chart showing the top 10 RDP servers by the total number of RDP connections. Each bar indicates the RDP connections for a specific client IP address and is segmented by by the security protocol used: Standard RDP, TLS, CredSSP, RDSTLS, CredSSP + Early User Authorization Result PDU, or RDS-AAD-Auth.

  • RDP connections flow: Sankey diagram showing the flow of RDP connections between source and destination IP addresses. Each line represents the number of connections from a specific source IP on the right. Different colors indicate the various connections paths.

../../../../../_images/rdp_connections3.png

  • RDP connections details: Table showing the following information of RDP connections: dates, device info (MAC, IP, type), user, switch details (IP, port), and building and network names.