Troubleshooting
Problem
Scanning the Windows servers with a QVM full scan can sometimes lock out administration accounts.
Cause
During a full scan, QRadar Vulnerability Manager (QVM) tests multiple default credentials on accounts. The repeated failed logon attempts can lock the accounts out.
Resolving The Problem
You can prevent this account lockout issue by disabling the related logon tests in a new scan policy:
- In the QRadar UI, click the Vulnerabilities tab.
- Under vulnerabilities, expand Administrative.
- Click Scan Policies.
- Click Add to create a new Scan Policy.
- Enter a Name for this Scan Policy and a Description.
- Click Enabled > Share with Everyone.
- Click Scan Type Full.
- Click the Tools tab. By default, the Included list is displayed.
- From the Filter menu, select Default Logons (Dos Risk).
- Click Exclude All to remove the check marks next to the items in the list.
- Click Save.
- Verify that the Default Logons (Dos Risk) tools are in the Excluded list.
Note: When the "Default Logons (DOS risk)" tool is excluded in the scan policy, patch scanning will not run with Full scan behavior.
Results: You have a Full scan policy that will not lock out Administrative accounts.
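Before excluding the tools, and again after the next full scan, it helps to confirm that the scanner is the source of the lockouts. The following is an added example (not IBM code and not part of the original technote) that attributes each Windows lockout event (4740) to the sources of the failed logons (4625) that preceded it. The scanner address, the 30-minute window and the merged, simplified event records are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions: scanner address (placeholder) and look-back window before a lockout.
SCANNER_IPS = {"192.0.2.10"}
WINDOW = timedelta(minutes=30)

# Constructed sample records shaped like exported Windows Security events:
# 4625 = failed logon (carries the source address), 4740 = account locked out.
EVENTS = [
    {"time": "2024-01-15T02:00:01", "id": 4625, "user": "Administrator", "ip": "192.0.2.10"},
    {"time": "2024-01-15T02:00:02", "id": 4625, "user": "Administrator", "ip": "192.0.2.10"},
    {"time": "2024-01-15T02:00:03", "id": 4625, "user": "Administrator", "ip": "192.0.2.10"},
    {"time": "2024-01-15T02:00:03", "id": 4740, "user": "Administrator"},
    {"time": "2024-01-15T02:05:10", "id": 4625, "user": "svc_backup", "ip": "198.51.100.7"},
    {"time": "2024-01-15T02:05:40", "id": 4625, "user": "svc_backup", "ip": "192.0.2.10"},
    {"time": "2024-01-15T02:05:41", "id": 4740, "user": "svc_backup"},
    {"time": "2024-01-14T23:00:00", "id": 4625, "user": "jdoe", "ip": "198.51.100.7"},
    {"time": "2024-01-15T09:15:00", "id": 4625, "user": "jdoe", "ip": "198.51.100.7"},
    {"time": "2024-01-15T09:15:05", "id": 4740, "user": "jdoe"},
]


def classify_lockouts(events, scanner_ips=SCANNER_IPS, window=WINDOW):
    """Attribute each 4740 lockout to the sources of the 4625 failures before it."""
    failures = defaultdict(list)  # lower-cased user -> [(timestamp, source ip)]
    report = []
    # Sort by (time, id) so a failure stamped in the same second precedes its lockout.
    for ev in sorted(events, key=lambda e: (e["time"], e["id"])):
        ts = datetime.fromisoformat(ev["time"])
        user = ev["user"].lower()
        if ev["id"] == 4625:
            failures[user].append((ts, ev["ip"]))
        elif ev["id"] == 4740:
            # Only failures inside the window count toward this lockout.
            recent = [ip for t, ip in failures.pop(user, []) if ts - t <= window]
            hits = sum(ip in scanner_ips for ip in recent)
            if recent and hits == len(recent):
                cause = "scanner"   # every failure came from the scanner
            elif hits:
                cause = "mixed"     # scanner contributed, but so did another source
            else:
                cause = "other"     # not explained by the scan; investigate separately
            report.append({"user": ev["user"], "failures": len(recent),
                           "from_scanner": hits, "cause": cause})
    return report


if __name__ == "__main__":
    for row in classify_lockouts(EVENTS):
        print(row)
```

Lockouts classified as "mixed" or "other" are not explained by the scan alone and will not necessarily stop once the Default Logons tools are excluded.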
Product: IBM Security QRadar Vulnerability Manager. Versions: 7.3.0, 7.3.1.
Document Information
Modified date: 30 July 2018
UID: ibm10718401