...
The following query will list all targets that iQSonar was unable to log in to, which we suspect are running Linux or a Unix-type OS
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
SELECT p.Name as Project
, TargetName
, HostnameOrIP
, SuspectedOrScannedOS
, Status
, Reason
FROM [history].[v_DiagnosticsDeviceList] vDDL
INNER JOIN config.t_Project p ON vDDL.ProjectID = p.ProjectID
WHERE Reason = 'Access Denied'
-- ==== Change This ==== --
AND vDDL.ProjectID = 1
-- --------------------- --
AND SuspectedOrScannedOS = 'Windows' |
List targets and the attempted credentials
The following queries will list the targets and the credentials which failed. These queries work on older versions of iQSonar.
Warning |
---|
This query works with iQSonar releases up to and including Fu R3. |
...
Login failures using the SSH protocol are indicative of credential problems (wrong login id, wrong password, account without permission to login from given IP Address, and so forth). To find hosts that can not be scanned for non-credential reasons, this query might help instead.
SSH Connection Failure (Per Project)
Note that this query will list ALL login failures for a project - helpful when determining if your credentials are in the wrong order as well as finding hosts you cannot log in to. Getting your credentials in the correct order (i.e. minimizing failed login attempts) will reduce the risk of locking out an account and also speed up the scan.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
--SSH Login Failure
SELECT jobProj.ProjectID
, p.Name AS Protocol
, o.Name AS Outcome
, ch.AttemptDate
, ch.IPAddress
, ch.Port
, c.label as Credential
, ch.Message
FROM history.t_connectionhistory ch
INNER JOIN jobs.t_JobLocationProjectIPRange AS jobProj ON jobProj.JobID = ch.JobID
INNER JOIN config.t_Protocol p ON ch.ProtocolID = p.ProtocolID
INNER JOIN config.t_Outcome o ON o.OutcomeID = ch.OutcomeID
INNER JOIN config.t_Credential c ON c.CredentialID = CH.CredentialID
WHERE ch.ProtocolID=2
AND ch.OutcomeID = 3
-- === Change this line ==== --
AND jobProj.ProjectID = 1
-- ========================= --
ORDER BY AttemptDate DESC |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
WITH unscanned AS ( SELECT DISTINCT [HostnameOrIP] FROM [history].[v_DiagnosticsDeviceList] WHERE Status = 'Unscanned' -- === Change this line ==== -- AND ProjectID = 1 -- ========================= -- AND SuspectedOrScannedOS NOT LIKE '%Window%' -- explicitly exclude targets we think are running Windows ) SELECT jobProj.ProjectID , p.Name AS Protocol , o.Name AS Outcome , ch.AttemptDate , ch.IPAddress , ch.Port , c.label as Credential , ch.Message FROM history.t_connectionhistory ch INNER JOIN jobs.t_JobLocationProjectIPRange AS jobProj ON jobProj.JobID = ch.JobID INNER JOIN config.t_Protocol p ON ch.ProtocolID = p.ProtocolID INNER JOIN config.t_Outcome o ON o.OutcomeID = ch.OutcomeID INNER JOIN config.t_Credential c ON c.CredentialID = CH.CredentialID WHERE ch.ProtocolID =2 AND ch.OutcomeID = 3 AND ch.IPAddress IN (SELECT HostnameOrIP FROM unscanned) -- === Change this line ==== -- AND jobProj.ProjectID = 1 -- ========================= -- ORDER BY AttemptDate DESC |
...