I’m looking to pull information on which accounts are being used to login to each asset. I need to know failures and successes and the specific account that IVM tried to use. Is this possible?
If you have access to the scan engine, you can look through the nse.log to find this information. I have not found a way to do this from the console so it would require manual effort.
Linux Path: /opt/rapid7/nexpose/nse/logs/nse.log
Windows Path: C:\Program Files\rapid7\nexpose\nse\logs\nse.log
Try searching for NO_CREDS_SUPPLIED or 1.2.3.4:22 to name a few.