+
+ <rule id="18157" level="10" frequency="$MS_FREQ" timeframe="240">
+ <if_matched_sid>18258</if_matched_sid>
+ <description>Multiple TS Gateway login failures.</description>
+ <group>authentication_failures,</group>
+ </rule>
+
+ <!--
+ Chrome Remote Desktop
+ Created by Kevin Branch
+ Updated by Wazuh
+ -->
+ <rule id="18158" level="5">
+ <if_sid>18103</if_sid>
+ <match>chromoting</match>
+ <regex>: chromoting: \.* Access denied for client: </regex>
+ <description>Chrome Remote Desktop attempt - access denied</description>
+ </rule>
+
+ <rule id="18159" level="5">
+ <if_sid>18101</if_sid>
+ <match>chromoting</match>
+ <regex>: chromoting: \.* Client connected:</regex>
+ <description>Chrome Remote Desktop attempt - connected</description>
+ </rule>
+
+ <rule id="18160" level="5">
+ <if_sid>18101</if_sid>
+ <match>chromoting</match>
+ <regex>: chromoting: \.* Client disconnected:</regex>
+ <description>Chrome Remote Desktop attempt - disconnected</description>
+ </rule>
+