Rapid7 InsightVM and account testing

Hi folks,

This is my first post, I’m getting a log of my servers (all with the InsightVM Agent installed) flagging in my Siem, The attempts are being made to authenticate using several accounts, PCGuest, admin and Guest.

These look pretty common; From what I was told in the past the scan template uses these familiar or most commonly used accounts to make sure they ARENT being used on systems.

Is there a way to find out a list of devices where guest login was successful from these scans?

Hi Vanessa, do you know if there is a means to examine the scan template test accounts, it would be helpful to correlate.

I believe when i was asked why wierd accts were attempting to be used, I had windows system admin looking at his windows even logs. I think you can probably pull data package log from rapid7 to see what it uses ive seen them somewhere… Wonder if engineer can chime in…