For internal scanning, I’m currently using OpenVAS as packaged within OSSIM. I’ll changing to running it in GSA on Parrot Linux soon. Anyway, within OSSIM, I was using the “Deep and Full, Non-Destructive” option for the scan. OSSIM packages the scan choices its own way. So this scan was testing for default/easy credential use, and knocked out one of our ESXi management agents. It didn’t just lock it out temporarily, it made it inaccessible. The vm guests are still running, and obviously the ESXi host is also. Its just that Vsphere cannot connect to that host or its vm’s until the agent is restarted.
So how do I avoid this? Use GSA with different scan options? Or is it a known issue with ESXi? Or none of the above?