
Summary
This analytic focuses on identifying potential brute force attacks against Remote Desktop Protocol (RDP) by analyzing network traffic patterns. Using the Network_Traffic data model, it detects anomalies in RDP traffic by grouping the network data by source and destination pair and flagging any pair whose traffic rises more than two standard deviations above the average observed traffic for that pair. Such activity is important to monitor because it could indicate an unauthorized attempt to access systems over RDP, potentially leading to further security breaches such as data exfiltration or system compromise. To implement this detection, network traffic data must be ingested into the Network_Traffic data model in Splunk. Be aware that RDP gateways may legitimately generate high volumes of RDP traffic, which can produce false positives unless such sources are filtered or allow-listed.
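The per-pair threshold described above, as an added Python example rather than the analytic's own Splunk search: the hourly counts, the addresses and the gateway allow-list are constructed for illustration.

```python
# Added example (not the analytic's own SPL): per src/dest pair baseline check
# that flags any hourly bucket whose RDP connection count exceeds the pair's
# average plus two standard deviations, with an allow-list for RDP gateways.
from statistics import mean, stdev

# Constructed sample input: hourly RDP connection counts per (src, dest) pair,
# the shape a count-by-hour aggregation of the Network_Traffic data model yields.
HOURLY_RDP_COUNTS = {
    # workstation -> server: quiet baseline, then a burst in hour 11
    ("10.0.0.5", "10.0.1.20"): [3, 4, 3, 5, 3, 4, 2, 3, 4, 3, 5, 60],
    # RDP gateway -> server: legitimately busy, with one elevated hour
    ("10.0.0.250", "10.0.1.20"): [80, 85, 90, 82, 88, 84, 80, 86, 83, 85, 140, 84],
}

RDP_GATEWAYS = frozenset({"10.0.0.250"})  # assumed known gateway addresses


def pair_baseline(counts):
    """Mean and sample standard deviation of a pair's hourly counts.

    Fewer than two buckets give no usable spread, so stdev is reported as 0.0.
    """
    if len(counts) < 2:
        return (float(counts[0]) if counts else 0.0), 0.0
    return mean(counts), stdev(counts)


def detect_rdp_anomalies(hourly_counts, allowlist=frozenset(), k=2.0):
    """Return one record per hour where count > avg + k * stdev for its pair.

    Sources in allowlist (e.g. RDP gateways) are skipped to limit false positives.
    """
    hits = []
    for (src, dest), counts in hourly_counts.items():
        if src in allowlist:
            continue
        avg, sd = pair_baseline(counts)
        threshold = avg + k * sd
        for hour, count in enumerate(counts):
            if count > threshold:
                hits.append({"src": src, "dest": dest, "hour": hour,
                             "count": count, "avg": round(avg, 2),
                             "stdev": round(sd, 2), "threshold": round(threshold, 2)})
    return hits


if __name__ == "__main__":
    for hit in detect_rdp_anomalies(HOURLY_RDP_COUNTS, allowlist=RDP_GATEWAYS):
        print(hit)
```

Because the anomalous bucket is part of the baseline it is compared against, a single burst inside a window of n buckets can never score above (n-1)/sqrt(n) sample standard deviations, so with only six hourly buckets even a very large burst lands just past the two-stdev line; a longer baseline window makes the threshold meaningful.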
Categories
- Network
- Endpoint
Data Sources
- Network Traffic
ATT&CK Techniques
- T1021.001
- T1021
Created: 2024-11-15