Company:
Date Published:
Author: Kirti Sodhi
Word count: 1714
Language: -
Hacker News points: None

Summary

Elastic Security has introduced a new advanced detection analytics package aimed at identifying malicious Remote Desktop Protocol (RDP) connections in order to stop attackers' lateral movement. The package improves detection of fileless malware and malicious processes that abuse remote services and sessions, with a specific focus on the commonly abused Windows RDP feature. The 8.9 release adds anomaly detection jobs and rules that establish a baseline of expected RDP session behavior and flag deviations that may indicate a threat. The package, now generally available to Elastic users, combines anomaly detection with pre-built detections to strengthen defenses against zero-day attacks. It provides tools for monitoring RDP session activity, such as tracking session duration and process execution, and includes the Living off the Land (LotL) Attack Detection package to identify malicious processes running within RDP sessions. Setup involves installing the package, running the pivot transforms, and starting the anomaly detection jobs, then enabling the security detection rules so that users are alerted to suspicious activity. Elastic Security continues to expand these capabilities and incorporates user feedback to improve its detection features.