SYSMON Event ID 3 - RDP logon issue: "Initiated" field always false
Jérémy Beaugeard
Hello,
I have an issue with Sysmon event ID 3. This event is related to network connections. When I log on to my Windows client via RDP, Sysmon shows this log event:
As you can see, the "Initiated" field is set to false. There is no difference between this event and the RDP connection failure. Should the "Initiated" field not be set to true in this case?
Note: I use my AD credentials to log in.
Thanks,
Jeremy