We have quite a few Solaris and AIX servers on our network. We ensure maximum percentage of our servers authenticate with Qualys; while it scans them.
In order to achieve the same, we have created service accounts; for Qualys to log on to the servers by suing the same.
We have noticed that the Qualys is able to log in successfully to these accounts on these servers only for a short period of time (may be 1-2 weeks). There after, authentication starts failing for these servers. When we investigate, we find that the accounts (for Qualys) on these servers have got automatically locked due to maximum wrong log in count being reached.
We have tried correcting the situation a no. of times by unlocking the accounts again and again. However, successful authentication occurs only for a week or 2; and then authentication tends to fail again. We were wondering as to what could have really caused that problem. Examination of logs show that these incorrect login attempts have originated from the Qualys scanner appliance itself. However, its really a thing to worry about as to why Qualys would try to log in with wrog credentials; when the right credentials have already been configured in the Qualys authentication records.
Would like to know your thoughts and suggestions on the issue.