We have quite a few of AIX/Solaris servers on the network. Authentication of these servers with Qualys is carried out using username/password. We have noticed that once a server has been remediated i.e. a 'qualys' account has been created on it and a corresponding authentication record has been added in Qualys, servers are able to successfully authenticate with Qualys.
However after a period of around 1 month or so, Qualys authentication with these servers fails. When we try to inspect logs on the servers, it shows that Qualys login failed due to incorrect login attempts being made. We have even checked the originating IP of these incorrect logins. It's the Qualys appliance IP itself. Due to a number of incorrect login attempts, the account gets locked out and authentication fails.
Once we reset the 'qualys' account on these server, Qualys is again able to authenticate with the servers. This occurs in spite the fact that the authentication records in Qualys are untouched and there is no change in password in any of the records.
Can anybody let me know why does this kind of situation arise? Pls put your views on this.