Are there any suggestions for determining when/if scans are being impacted by network congestion? I see some time outs for QID 105053 "Unix Authentication Failed" and suspect network congestion as the culprit.
I'm curious about this as well. We've historically used a separate network monitoring tool like Solarwinds, NetBrain, etc. to determine scan impacts. If there's a better way, I'd love to know.
One indicator leading to my suspicion is authentication irregularities. In one scan, a windows host will be authenticated, but the next iteration of that scan not authenticated. In the unauthenticated scan, either Host Names Found (45039) or NetBIOS Bindings (70004), I can't remember which, do not indicate that host's domain membership. As such, I do not think the scanners knows to use an authentication record to use, hence not authenticated.
Doing a search on what is not in the QID Results, I do not think it possible directly, but perhaps I can query based on the presence of the QID, filter out those records that do indicate domain membership.
Did you find out anything more on this issue? We are running into the same sort of issue with our internal Qualys scans. The same Qualys internal scanners, scan targets, options profile, AD auth. record, network, VMWare guests as targets, etc... get different results, normally failed authentications, run one right after the other with maybe two minutes in between the finish of one scan and the start of another. So, is it our network hardware, overloaded DC, or a Qualys POD2 issue?
Later, we tried turning down the performance level in the option profile from normal to low, with the same inconsistent and unpredictable results.
Any help would be greatly appreciated!!!! Thank you!
Retrieving data ...