plz let me know the SIEM event id for the windows remote desktop connections. It should contains the source ip and users id.
Hi, I know this is not the ID but it helps maybe:
It seems your attempting to create a Correlation rule to detect Remote Desktop connections. I would create a rule with login type 2 and destination port 3389. all Alerts from this rule would have source and destination IPs.
Retrieving data ...