Skill UI

This skill analyzes Windows Security Event Logs (EVTX) to detect RDP brute force attacks. It parses failed logon events (ID 4625) and correlates them with successful logons (ID 4624), performing source IP frequency analysis to identify attack patterns, username spraying, and potential account compromises. This is critical for SOC analysts and threat hunters investigating lateral movement or credential stuffing attempts.