OpenCanary - RDP New Connection Attempt

Original Source: [Sigma source]
Title: OpenCanary - RDP New Connection Attempt
Status: experimental
Description: Detects instances where an RDP service on an OpenCanary node has had a connection attempt.
References:
  - https://opencanary.readthedocs.io/en/latest/starting/configuration.html#services-configuration
  - https://github.com/thinkst/opencanary/blob/a0896adfcaf0328cfd5829fe10d2878c7445138e/opencanary/logger.py#L52
Author: Marco Pedrinazzi (@pedrinazziM)
Date: 2026-01-06
Modified: None
Tags:
  - attack.initial-access
  - attack.lateral-movement
  - attack.persistence
  - attack.t1133
  - attack.t1021.001
Logsource:
  category: application
  product: opencanary
Detection:
  selection:
    logtype: '14001'
  condition: selection
False positives:
  - Unlikely
Level: high
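The selection above is a single field match, but an OpenCanary node emits "logtype" as a JSON integer while the Sigma rule quotes it as a string, so a matcher should compare numerically. The following is an added example, not part of the Sigma rule or of OpenCanary: it applies the rule's selection to constructed OpenCanary-style JSON log lines (field names follow OpenCanary's log format; the values are made up) and skips malformed lines instead of failing.

```python
import json

# Sigma selection from the rule: logtype 14001 is OpenCanary's RDP new-connection event.
RDP_NEW_CONNECTION_LOGTYPE = 14001

# Constructed OpenCanary-style log lines (not real captures). OpenCanary writes
# "logtype" as a JSON integer; one line deliberately carries it as a string.
SAMPLE_LOG_LINES = [
    '{"dst_host": "10.0.0.5", "dst_port": 3389, "local_time": "2026-01-06 10:15:02.123", '
    '"logdata": {"msg": "New RDP connection"}, "logtype": 14001, "node_id": "canary-1", '
    '"src_host": "10.0.0.77", "src_port": 51234}',
    '{"dst_host": "10.0.0.5", "dst_port": 22, "local_time": "2026-01-06 10:15:09.456", '
    '"logdata": {"USERNAME": "root", "PASSWORD": "toor"}, "logtype": 4002, '
    '"node_id": "canary-1", "src_host": "10.0.0.77", "src_port": 51240}',
    'not json at all',
    '{"logtype": "14001", "src_host": "10.0.0.90", "dst_port": 3389, "node_id": "canary-2"}',
]


def parse_opencanary_line(line):
    """Parse one OpenCanary JSON log line; return None for malformed or non-object input."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def matches_rdp_new_connection(event):
    """Apply the rule's selection (logtype == 14001), accepting int or string encodings."""
    try:
        return int(event.get("logtype")) == RDP_NEW_CONNECTION_LOGTYPE
    except (TypeError, ValueError):
        return False


def run_rule(lines):
    """Return one alert record per log line that satisfies the rule's condition."""
    alerts = []
    for line in lines:
        event = parse_opencanary_line(line)
        if event is None or not matches_rdp_new_connection(event):
            continue
        alerts.append({
            "rule": "OpenCanary - RDP New Connection Attempt",
            "level": "high",
            "src_host": event.get("src_host"),
            "node_id": event.get("node_id"),
            "local_time": event.get("local_time"),
        })
    return alerts


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_LOG_LINES):
        print(alert)
```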