Syspeace 2.7.0 released

/in

Update to Syspeace 2.7.0! We highly recommend it. Why? It introduces improved support for detecting RDP login failures where the IP addresses are missing in the event log entries. For details, see the separate post A comprehensive approach to detecting RDP login failures. It includes a setting to mitigate repetitive “success” login entries on file […]

Read more
Light bulbs - several.

A comprehensive approach to detecting RDP login failures

/in ,

Syspeace’s way of detecting Windows logon failures is based on using the audit events produced by Windows. This is reliable and non-invasive, but in some cases, there are oddities. When a login succeeds or fails during Remote Desktop/Terminal Services authentication, the event is logged, but there is no reference to the IP address of the […]

Read more