Can you analyze logs from an attempted RDP bruteforce attack?
One of our system administrators identified a large number of Audit Failure events in the Windows Security Event log.
There are a number of different ways to approach the analysis of these logs! Consider the suggested tools, but there are many others out there!
Scenario Description
This was actually a super easy challenge, but I had a lot of fun honing my skills with cat, grep, sort, wc and awk on Unix to carve out precisely the data we needed.