Hello,
I'm looking to create an alert that looks for and triggers when certain VPN solutions, such as GoToMyPC, VNC, etc. are utilized within our environment.
Does anyone have experience with this? I wasn't able to find any similar existing posts. Thank you.
Hi @rcastello,
The answer is in the logs... what kind of logs are you collecting already and what applications logs are you fetching from your endpoint ?
You need to have a tool on your hosts to detect the applications that are being installed/used/removed then you can fetch the logs from there.
Cheers,
David
Do you have a tool (firewall, etc.) in place that can detect VPN use? If so, trigger the alert on events from that tool.