The Operations team has received intelligence from a credible internal source there may be an insider threat at Deepship. In your role as a Security Operations Center analyst you've been given the task of identifying a policy violation that may indicate the presence of an insider threat. Follow the steps below then select the correct indicators of compromise from the succeeding list.

Log into your Security Onion SIEM as you have done in previous weeks.

From the pane on the left of the screen under "Tools" click "Kibana"

Set the data picker range to Jun $1,2018$ @ $12$:$01$:$00\mathrm{.}00->$ Aug $31,2018$ @ $12$:$01$:$00\mathrm{.}00$

In the filter text box in the upper left of the screen, add the filter for event.dataset.keyword: rdp $($see the image for details$)$

Kibana

Select $4$ correct answer$($s$)$

Question $17$ options:

Destination port $3389$

Destination IP $10\mathrm{.}252\mathrm{.}2\mathrm{.}126$

Destination IP $10\mathrm{.}252\mathrm{.}3\mathrm{.}239$

Destination IP $10\mathrm{.}252\mathrm{.}9\mathrm{.}250$

Source IP $192\mathrm{.}168\mathrm{.}37\mathrm{.}121$

Source IP $192\mathrm{.}168\mathrm{.}37\mathrm{.}122$

First connection July $17,2018$

First connection July $18,2018$

First connection July $16,2018$

Last connection July $23,2018$