RDP Lateral Movement Burst
Detects multiple RDP sessions (logon type 10) from the same user to different hosts in a short window — lateral movement indicator.
Detects multiple RDP sessions (logon type 10) from the same user to different hosts in a short window — lateral movement indicator.