Scanning Windows servers with a QRadar Vulnerability Manager (QVM) full scan can sometimes lock out administration accounts.
During the scan, QVM tests multiple default credentials against accounts, and the resulting failed logons can trigger account lockout.
Resolving The Problem
You can prevent this account lockout by disabling the related logon tests:
- In the QRadar UI, click the Vulnerabilities tab.
- Under vulnerabilities, expand Administrative.
- Click Scan Policies.
- Click Add to create a new Scan Policy.
- Enter a Name and a Description for this Scan Policy.
- Click Enabled > Share with Everyone.
- Click Scan Type Full.
- Click the Tools tab. By default, the Included list is displayed.
- From the Filter menu, select Default Logons (Dos Risk).
- Click Exclude All to remove the check marks next to the items in the list.
- Click Save.
- Verify that the Default Logons (Dos Risk) tools are in the Excluded list.
Note: When the "Default Logons (DOS risk)" tool is excluded in the scan policy, patch scanning will not run with Full scan behavior.
Results: You have a Full scan policy that will not lock out Administrative accounts.
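To confirm that lockouts were caused by the scanner before and after switching to the new policy, you can correlate Windows lockout events (4740) with the failed logons (4625) that preceded them. The following is an added example, not IBM code: the scanner address, the record field names, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: Windows Security events exported to simple records.
# 4625 = failed logon, 4740 = account locked out. Field names are assumptions.
SCANNER_IPS = {"192.0.2.10"}  # hypothetical QVM scanner address
EVENTS = [
    {"id": 4625, "time": "2024-01-15T02:00:01", "user": "Administrator", "ip": "192.0.2.10"},
    {"id": 4625, "time": "2024-01-15T02:00:02", "user": "Administrator", "ip": "192.0.2.10"},
    {"id": 4625, "time": "2024-01-15T02:00:03", "user": "administrator", "ip": "192.0.2.10"},
    {"id": 4740, "time": "2024-01-15T02:00:03", "user": "Administrator", "ip": None},
    {"id": 4625, "time": "2024-01-15T09:15:00", "user": "svc_backup", "ip": "198.51.100.7"},
    {"id": 4625, "time": "2024-01-15T09:15:05", "user": "svc_backup", "ip": "198.51.100.7"},
    {"id": 4740, "time": "2024-01-15T09:15:06", "user": "svc_backup", "ip": None},
]

def attribute_lockouts(events, scanner_ips, window=timedelta(minutes=5)):
    """For each 4740 lockout, classify the 4625 failures for the same account
    in the preceding window as scanner, other, mixed, or unknown."""
    parsed = sorted(
        ({**e, "time": datetime.fromisoformat(e["time"])} for e in events),
        key=lambda e: e["time"],
    )
    results = []
    for lock in (e for e in parsed if e["id"] == 4740):
        failures = [
            e for e in parsed
            if e["id"] == 4625
            and e["user"].lower() == lock["user"].lower()  # account names are case-insensitive
            and timedelta(0) <= lock["time"] - e["time"] <= window
        ]
        from_scanner = sum(1 for e in failures if e["ip"] in scanner_ips)
        if not failures:
            verdict = "unknown"   # no failures logged in the window
        elif from_scanner == len(failures):
            verdict = "scanner"   # every failure came from the scanner
        elif from_scanner:
            verdict = "mixed"     # scanner plus another source: investigate
        else:
            verdict = "other"     # not scan-related
        results.append({"user": lock["user"], "failures": len(failures),
                        "from_scanner": from_scanner, "verdict": verdict})
    return results

if __name__ == "__main__":
    for row in attribute_lockouts(EVENTS, SCANNER_IPS):
        print(row)
```

A "mixed" or "other" verdict means the lockout is not fully explained by the scan and should be investigated separately.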
30 July 2018