Hi,
the title pretty much explains my question.
Is there a scan/VT that grabs the amount of failed logins from the Windows security log?
If not, how hard would it be to implement that?
BR
Hi,
the title pretty much explains my question.
Is there a scan/VT that grabs the amount of failed logins from the Windows security log?
If not, how hard would it be to implement that?
BR
This might be a policy control and only available for the GSF users.
Hi,
there is no such VT by now. I don’t think it is too hard to implement, but just to be curious:
What do you expect as output? AFAIK you can disable logging for some logon events (https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events), which could lead to missing failed login attempts. Also, I think a general “X failed login attempts” is not meaningful. A “X failed login events in the past X days/hours” would be more meaningful?!
Hi,
thank you for the replies.
If that is the case that would be unfortunate.
You’re right a general “X failed login attempts” wouldn’t be too useful, especially because if you use brute force attacks in Greenbone itself.
That was what I was hoping to get.