Thousands of outgoing RDP sessions
Anyone know what would cause this in the logs? I suspect it's malware polling all of the nodes on the network but not sure of the method being used.
Sounds like malware. Would suggest looking at persistence mechanisms, running through malicious program execution and seeing what might be causing it.
What is the event ID, etc.?
Is it every minute/day/etc.?
Are they duplicate logs coming from different locations?