Veritas
F047 · Suspicious · validator: blocked

Outbound RDP attempts to 172.16.4.5

RDP connection attempts to 172.16.4.5:3389

Analyst narrative

Numerous TCP connections from 172.16.6.11 to 172.16.4.5:3389 (CLOSED) indicate RDP lateral-movement attempts.

Claims asserted

path: 172.16.4.5:3389

Proof chain · 0 facts

Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.

Source tools

parse_event_logs, vol_netscan