10-30-2019 12:07 PM - edited 02-21-2020 09:38 AM
11-05-2019 08:21 PM
This looks like expected because all sessions on the same host sharing the same IP address, by default. You might consider Remote Desktop IP Virtualization
Or, you may check out the Firepower Terminal Server Agent.
11-06-2019 05:22 AM
11-06-2019 08:32 PM
Many thanks for trying it out. CDA is based on Kerberos security events so your results show it not compatible.
Next, please try Firepower Terminal Server Agent. I moved your post to FirePOWER, where the team will be able to assist you better.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide