Good day everyone,
recently we have been putting in to place a bunch of network monitoring software to keep an eye on any shady activity on our domain. One piece of monitoring software in particular has been alerting us with failed logon attempts in the hundreds every night (which i had just now realized its coming form the greenbone equipment i have set up, GSM 150). I have a rotating scan each night for each of our domain controllers that are on site at each location.
When scanning with OpenVAS and Fast and Full does the scan attempt a slew of logon attempts with a set list of well known usernames? Our logs point this out and is there a way to stop it running that portion of the scan in particular. I have set our threshold to not alert us when these happen now but the logs it builds up is more than we would like in our database requiring us to purge or move them monthly instead of semi yearly.
Thanks,
Kyle