Hello guys someone know how to create a rule in ESA Rules to detect users with RDP sessions idle or passive, i mean, the user make a logon to a server and left his place for long time (ex. 4 hours) with the RDP session open and come back to do some admin activities as create a new user or reset passwords, etc, etc.
I hope some of you guys can help me.
Best Regards,
LuisB
@alespinosadlm
