We use Nessus in conjunction with LEM (6.1). Some of our Nessus scans are designed to check for and attempt to use ...\administrator on Windows devices. I need to whitelist this activity by Source IP or whatever I can on the LEM for all of our Nessus Scanners. I only need the results of the Nessus scan in the Nessus app. I do not need to see
| NetworkIncident | logon failure "\administrator" | ---------------- redacted ---------------------- | 9:08:14 Thu Mar 10 2016 | 9:08:14 Thu Mar 10 2016 | 4 | vista security | Critical Account Logon Failures | microsoft-windows-security-auditing 4625 |
or get the email spam a predecessor decided to set up.
Any help?
I'd prefer to just whitelist all activity from my Nessus scanners as far as the LEM is concerned.
thanks folks.
