Onboarding and Self-Service


Arctic Wolf Unified Portal Telemetry Management

Updated Jan 17, 2024

Brute force scanning

Brute force scanning checks are available for default, known, or common usernames and passwords for various services and devices.

If you have devices on your network that use the default or known usernames, brute force scanning can lead to Active Directory or standard account lockouts. Arctic Wolf® recommends that you update the device username from the known or default values to enhance your security posture and prevent account lockouts during scans. If that is not possible, you can disable brute force scanning checks.

See Enable or disable brute force scanning to configure brute force scanning, and Brute force scanning username checks for some brute force scanning username checks.

Enable or disable brute force scanning

Notes:

  • Arctic Wolf recommends only using these settings for troubleshooting or emergency situations.
  • Brute force scanning is separate from OpenVAS scanning. OpenVAS scanning is the underlying technology used for IVA scanning. OpenVAS performs regular vulnerability checks, such as default username and password checks, regardless of whether brute force scanning is enabled or not.
  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Scanners.

  3. Click Configure for the scanner that you want to view.

    Tip: The scanner must be online for configuration changes. If needed, use filters to limit your results. See Scanner filters for more information.

  4. In the Scanner Configuration section, do one of these actions:

    • To enable brute force scanning, click the Brute Force Scanning toggle to the on position.
    • To disable brute force scanning, click the Brute Force Scanning toggle to the off position.
  5. Click Update Configuration.

    This button is not available if the scanner is offline.

Brute force scanning username checks

When brute force scanning is enabled, the scanner checks for this non-exhaustive list of usernames:

Note: In addition to these username checks, the scanner uses known default usernames of different devices to validate Common Vulnerabilities and Exposures (CVE).