Grab amount of failed logins from Windows Security Log


#1

Hi,

the title pretty much explains my question.
Is there a scan/VT that grabs the amount of failed logins from the Windows security log?
If not, how hard would it be to implement that?

BR


#2

This might be a policy control and only available for the GSF users.


#3

Hi,

there is no such VT by now. I don’t think it is too hard to implement, but just to be curious:

What do you expect as output? AFAIK you can disable logging for some logon events (https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events), which could lead to missing failed login attempts. Also, I think a general “X failed login attempts” is not meaningful. A “X failed login events in the past X days/hours” would be more meaningful?!


#4

Hi,
thank you for the replies.

If that is the case that would be unfortunate.

You’re right a general “X failed login attempts” wouldn’t be too useful, especially because if you use brute force attacks in Greenbone itself.

That was what I was hoping to get.