iQSonar uses multiple protocols to connect to targets running various versions of Windows. The different connection types can give different information about the target.
The connection types are as follows:
- 3: WMI
- 4: Remote Registry
- 13: NetBIOS
- 15: SMB (file sharing)
- 16: WinRM
- 17: Remote Process
Windows connection failure (Per Project)
Find windows connection failures
--Windows Login Failures
SELECT jobProj.ProjectID
, p.Name AS Protocol
, o.Name AS Outcome
, ch.AttemptDate
, ch.IPAddress
, ch.Port
, c.label as Credential
, ch.Message
FROM history.t_connectionhistory ch
INNER JOIN jobs.t_JobLocationProjectIPRange AS jobProj ON jobProj.JobID = ch.JobID
INNER JOIN config.t_Protocol p ON ch.ProtocolID = p.ProtocolID
INNER JOIN config.t_Outcome o ON o.OutcomeID = ch.OutcomeID
INNER JOIN config.t_Credential c ON c.CredentialID = CH.CredentialID
WHERE ch.ProtocolID IN (3,4,13,15,16,17)
AND ch.OutcomeID = 3
-- === Change this line ==== --
AND jobProj.ProjectID = 1
-- ========================= --
ORDER BY AttemptDate DESC