How can I turn off testing defaul login/BF attacks? Because as soon as I scan our network events of this type: “pam_succeed_if(sshd:auth)” go to e-mail and we would need to turn it off.
I try to turn off the Bruteforce attack in OpenVas: Configuration/Scan configs/ and in item “Edit Network Vulnerability Test Families” I set turn off all items in “Brute force attacks 0 of 14”. But this step did not help.
You don´t know how to turn it off so this doesn´t scan.
A general advice is to not weaken the scan coverage of a vulnerability scanner just to keep the amount of logging low.
The simple rationale behind this recommendation is that such default accounts are a high level security risk and if you exclude these checks you are simply missing checks for known default credentials (some of them you even might not know).
Instead of weaken the scan coverage i would suggest to correctly configure your logging so that e.g. the scanner IP is excluded from the logging.