Good Afternoon All,
I may have failed to mention that I am new to SolareWinds
LEM and I am still working through understanding a lot of this tools
capabilities and functionally. I think I actually asked three separate and
independent questions here. I appreciate your patience.
I will do some more digging to look for existing templates. This
makes it a little easier to find one rule for RDP, escalated privileges, and
one for port scans.
I think the original idea, regarding port scans was, to be
alerted when a port scan is initiated after an RDP session by the same user. (Logon
to server, RDP to another server, then port scan (maybe?). I’ll do more
homework on the question itself.
Thank you for trying to address my questions. I’ll reach out
again if this continues to elude me.