I have a client that has WSA installed on all their endpoints as well as their server.
There are roughly 10-20 simultaneous logged in users to the RDP server at any given time and we have gotten alerts that there was action taken against malware being executed on the server.
I have the alert setup to display the current user, but when they are logged into the RDP session, the alert comes through but doesn't show the logged in user in the alert email.
Is there a way to tell in the GSM or tweak the alert to show who is logged into the RDP server and triggered the malware alert?
Nerds On Site