AnsweredAssumed Answered

Authentication Failures in Security Logs

Question asked by jrkurosawa on Apr 19, 2017
Latest reply on Apr 21, 2017 by Qsingh

Our monitoring has picked up a large number of either "User Login Failure" or "General Authentication Failed" records in the security logs of a number Windows 2012 servers that come from accounts with semi-random names such as "Qualys91101070359349987539517818931".

Based on the times, it seems to be related to Policy Compliance scanning, although the PC report shows the majority of the systems to have authenticated successfully (including most of those which show the auth failures in their logs).

 

Is this normal behaviour? Is it related to testing of a specific CID?

Outcomes