Skip to content

Hide Navigation Hide TOC

Denied Access To Remote Desktop (8e5c03fa-b7f0-11ea-b242-07e0576828d9)

This event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop. Often, this event can be generated by attackers when searching for available windows servers in the network.

Cluster A Galaxy A Cluster B Galaxy B Level
Denied Access To Remote Desktop (8e5c03fa-b7f0-11ea-b242-07e0576828d9) Sigma-Rules Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 1
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2