Hi,
the title pretty much explains my question.
Is there a scan/VT that grabs the amount of failed logins from the Windows security log?
If not, how hard would it be to implement that?
BR
This might be a policy control and only available for the GSF users.
Hi,
there is no such VT by now. I don’t think it is too hard to implement, but just to be curious:
What do you expect as output? AFAIK you can disable logging for some logon events (https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events), which could lead to missing failed login attempts. Also, I think a general “X failed login attempts” is not meaningful. A “X failed login events in the past X days/hours” would be more meaningful?!
2 Likes
Hi,
thank you for the replies.
If that is the case that would be unfortunate.
You’re right a general “X failed login attempts” wouldn’t be too useful, especially because if you use brute force attacks in Greenbone itself.
That was what I was hoping to get.