Does the GSM try brute force?

I ran this against several of our servers and one of them, our VPN server, had a failed login alert triggered for ~6k failed logins, and the failures showed to be coming from the IP of the GSM VM.

Is this a normal part of the scan? Or do I need to go down the rabbit hole?

It´s the default user account database :wink: You should disable this is you see this as brute force.

1 Like