24Oca
SIEM: Correlating remote logons to associate origin and target user
How is it possible to correlate or detect user logons, e.g. via ssh/rdp, to associate the origin user and target user?
My use case is to know who actually (personal/identifiable) used a technical account (non-personal).
Sidenote: Both clients and both users are in the same network and or at least share the same AD forrest or authentication.
