Hi folks,
This is my first post, I’m getting a log of my servers (all with the InsightVM Agent installed) flagging in my Siem, The attempts are being made to authenticate using several accounts, PCGuest, admin and Guest.
1 Like
These look pretty common; From what I was told in the past the scan template uses these familiar or most commonly used accounts to make sure they ARENT being used on systems.
1 Like
Is there a way to find out a list of devices where guest login was successful from these scans?
1 Like
Hi Vanessa, do you know if there is a means to examine the scan template test accounts, it would be helpful to correlate.
I believe when i was asked why wierd accts were attempting to be used, I had windows system admin looking at his windows even logs. I think you can probably pull data package log from rapid7 to see what it uses ive seen them somewhere… Wonder if engineer can chime in…