Grab amount of failed logins from Windows Security Log


the title pretty much explains my question.
Is there a scan/VT that grabs the amount of failed logins from the Windows security log?
If not, how hard would it be to implement that?


This might be a policy control and only available for the GSF users.


there is no such VT by now. I don’t think it is too hard to implement, but just to be curious:

What do you expect as output? AFAIK you can disable logging for some logon events (, which could lead to missing failed login attempts. Also, I think a general “X failed login attempts” is not meaningful. A “X failed login events in the past X days/hours” would be more meaningful?!


thank you for the replies.

If that is the case that would be unfortunate.

You’re right a general “X failed login attempts” wouldn’t be too useful, especially because if you use brute force attacks in Greenbone itself.

That was what I was hoping to get.