F017 · Inconclusive · validator: blocked
RDP lateral movement attempt to 172.16.4.5 port 3389
172.16.4.5:3389
Analyst narrative
Multiple closed TCP connections from the local system to 172.16.4.5:3389 (RDP) were detected, indicating attempted lateral movement via Remote Desktop Protocol.
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_netscan