60106 administrateur Windows Logon Sucess Admin no_full_log authentication_success,pci_dss_10.2.5,gpg13_7.1,gpg13_7.2,gdpr_IV_32.2,hipaa_164.312.b,nist_80> 92651 10 User: $(win.eventdata.subjectDomainName)\$(win.eventdata.targetUserName) logged using Remote Desktop Connection (RDP) from ip:$(win.eventdata.ipAddress). T1021.001 T1078.002 60103 ^4672$ ^S-1-5-18$ Special privileges assigned to new logon. T1484 no_full_log 60103 ^528$|^540$|^673$|^4624$|^4769$ Windows Logon Success no_full_log T1078 60103 ^538$|^551$|^4634$|^4647$ Windows User Logoff no_full_log 67028 00:00-05:00 Privileged logon during quiet hours (00:00–05:00 local) no_full_log 60137 administrateur Windows Logoff Admin no_full_log authentication_success,pci_dss_10.2.5,gpg13_7.1,gpg13_7.2,gdpr_IV_32.2,hipaa_164.312.b,nist_80>