
How to disable "extra credit" Qualys VM Brute Force logic?

Question asked by Jake VanMast on Apr 26, 2019
For some of our most sensitive production hosts, we have alerts set up for bad logins. Qualys scanning (via Network Appliance) additionally seems to try some well-known users like admin, root, factory, user. We do not have the "Brute Force" feature in Option Profile enabled, because we do not wish to fire extra alerts when scanning these hosts.
Anyone have ideas on how to remove this "extra credit" Brute Force logic?

Are they related to specific remote QID checks? If so, is there any way to identify which ones from the KB?
(We see some articles related to specific applications, like FTP; however, these are for SSH, on Cisco CUCM.)
admin:  show logins successful
qualys   pts/1        host123. Sun Apr 21 01:22 - 01:22  (00:00)   
qualys   pts/0        host123. Sun Apr 21 01:22 - 01:26  (00:03)   
qualys   pts/1        host123. Sun Apr 21 01:13 - 01:14  (00:00)   
qualys   pts/0        host123. Sun Apr 21 01:13 - 01:13  (00:00)  
admin:  show logins unsuccessful
factory  ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
factory  ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
user     ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
user     ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
admin    ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
admin    ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
root     ssh:ssh host123. Sun Apr 21 01:27 - 01:27  (00:00)   
