We have several Authentication Records set within Qualys for each of our domains. Most of our Windows based Authentication Records are set up similarly with the following options selected (assume anything not explicitly listed is set up properly):
Follow trust relationships
Enable agentless tracking
With that being said I have a couple questions. There are just a handful of instances where the the wrong Auth Record is attempting to be used. For instance, let's say we have Auth record "ABC.COM" that is assigned to domain "ABC.COM" with the above options selected. When I run an Auth report I see that Auth record "DEF.COM" is being used for "ABC.COM", and failing of course. Can anyone explain why this would be happen. I just noticed it so I haven't ran enough reports to see if this is a repeatable action.
Second question. When I select the "Details" link within Vulnerability Management>Scans>Authentication tab I've noticed something peculiar. For any of our Auth records that are set up with the aforementioned selections the "Details" portion will show pass, fail, and not attempted as 0. Whereas any other Auth Record not set up exactly as above will yield results. Can anyone explain this?