AnsweredAssumed Answered

Question on Authentication Record Details

Question asked by psaux on Dec 9, 2014

We have several Authentication Records set within Qualys for each of our domains. Most of our Windows based Authentication Records are set up similarly with the following options selected (assume anything not explicitly listed is set up properly):

Windows Authentication

Domain

Follow trust relationships

 

Login

Authentication Vault

 

Agentless Tracking

Enable agentless tracking

 

With that being said I have a couple questions. There are just a handful of instances where the the wrong Auth Record is attempting  to be used. For instance, let's say we have Auth record "ABC.COM" that is assigned to domain "ABC.COM" with the above options selected. When I run an Auth report I see that Auth record "DEF.COM" is being used for "ABC.COM", and failing of course. Can anyone explain why this would be happen. I just noticed it so I haven't ran enough reports to see if this is a repeatable action.

 

Second question. When I select the "Details" link within Vulnerability  Management>Scans>Authentication tab I've noticed something peculiar. For any of our Auth records that are set up with the aforementioned selections the "Details" portion will show pass, fail, and not attempted as 0. Whereas any other Auth Record not set up exactly as above will yield results. Can anyone explain this?

Outcomes