For those who may have missed it, RDPSoft released a new FREE RDS Log Viewer tool at the end of March.
This tool (currently in beta) displays both logon failures and successful logons from RDS session hosts. It has many features to assist you in finding the user account of an logon failure and then locating the attacker’s source IP, including:
-displaying traditional “security log only” RDS failures when the Security Layer is RDP
-correlating logon failures with NLA when the Security Layer is TLS/SSL
In addition, there are other features such as:
-showing all successful RDS authentifications
-the ability to export the results to comma-delimited text
-the ability to geolocate the attacker’s IP address
You can read more and download the tool for FREE HERE