Hi
This alarm is very useful to spot anyone sniffing around, but I'm wondering if there's a way of excluding/ignoring certain IP addresses? We have a Nessus appliance that is constantly scanning and always triggering this.
I don't suppose there is, but thought I'd ask here.
Cheers
- Veteran
- Posts: 381
- Liked: 37 times
- Joined: Oct 17, 2013 10:02 am
- Full Name: Mark
- Location: UK
- Veeam Software
- Posts: 745
- Liked: 189 times
- Joined: Nov 01, 2016 11:26 am
Re: Alarm: Bad Host username logon attempt - exemptions?
Hello Mark,
The Bad Host username logon attempt alarm is based on the BadUsernameSessionEvent event, which comes from VI.
It is possible to use the wildcards ‘*’ (asterisk) and ‘?’ (question mark) in the Event text field. The ‘*’ (asterisk) character stands for zero or more characters. The ‘?’ (question mark) stands for a single character. Unfortunately, there is no negation wildcard mask to ignore specific IP addresses, but there might be a chance to do the opposite and specify addresses that shouldn't be ignored.
Thanks
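An added example, not part of the original reply and not Veeam's code: a sketch of the "do the opposite" idea, building positive `*`/`?` masks that cover every host in a /24 except one scanner. It assumes the Event text field matches the whole message, that several masks can be configured, and uses a constructed event message layout and a constructed scanner address (10.0.0.50).

```python
import re

def wildcard_match(mask, text):
    """Whole-string match with the two wildcards the reply describes:
    '*' = zero or more characters, '?' = exactly one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in mask)
    return re.fullmatch(rx, text, re.DOTALL) is not None

def include_masks(prefix, excluded_octet, tail=":"):
    """Positive masks for every last octet under `prefix` except one.
    `tail` is the character assumed to follow the address in the event
    text; it stops a mask for .5 from also matching .50."""
    ex = str(excluded_octet)
    bodies = []
    for length in (1, 2, 3):
        if length != len(ex):
            bodies.append("?" * length)  # no octet of this length is excluded
            continue
        # Same length as the excluded octet: differ in at least one digit.
        for i, ch in enumerate(ex):
            for d in "0123456789":
                if d != ch:
                    bodies.append(ex[:i] + d + "?" * (length - i - 1))
    return ["*@" + prefix + b + tail + "*" for b in bodies]

def alarm_fires(event_text, masks):
    """True if any configured mask matches the event text."""
    return any(wildcard_match(m, event_text) for m in masks)

# Constructed sample data: assumed message layout and scanner address.
EVENT = "Cannot login user root@{ip}: no such user"
MASKS = include_masks("10.0.0.", 50)

if __name__ == "__main__":
    for ip in ("10.0.0.50", "10.0.0.5", "10.0.0.51", "10.0.0.150"):
        print(ip, "fires" if alarm_fires(EVENT.format(ip=ip), MASKS) else "ignored")
    print(len(MASKS), "masks, for example:", MASKS[:3])
```

These masks only cover 10.0.0.x, so failed logons from any other subnet would go unalarmed unless masks for those ranges are added as well.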