If an RDP session is “upgraded” to SSL, this will be indicated with this script in a new field added to the RDP log.
policy/protocols/smb/__load__.bro
policy/protocols/mysql/software.bro