title: Default Credentials Usage id: 1a395cbc-a84a-463a-9086-ed8a70e573c7 status: stable description: Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts. Sigma detects default credentials usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management. author: Alexandr Yampolskyi, SOC Prime references: - https://www.cisecurity.org/controls/cis-controls-list/ - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf - https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists date: 2019/03/26 logsource: product: qualys detection: selection: host.scan.vuln: - 10693 - 11507 - 11633 - 11804 - 11821 - 11847 - 11867 - 11931 - 11935 - 11950 - 12541 - 12558 - 12559 - 12560 - 12562 - 12563 - 12565 - 12587 - 12590 - 12599 - 12702 - 12705 - 12706 - 12907 - 12928 - 12929 - 13053 - 13178 - 13200 - 13218 - 13241 - 13253 - 13274 - 13296 - 13301 - 13327 - 13373 - 13374 - 13409 - 13530 - 13532 - 20065 - 20073 - 20081 - 27202 - 27358 - 38702 - 38719 - 42045 - 42417 - 43029 - 43220 - 43221 - 43222 - 43223 - 43225 - 43246 - 43431 - 43484 - 86857 - 87098 - 87106 condition: selection falsepositives: - unknown level: medium # tags: # - CSC4 # - CSC4.2 # - NIST CSF 1.1 PR.AC-4 # - NIST CSF 1.1 PR.AT-2 # - NIST CSF 1.1 PR.MA-2 # - NIST CSF 1.1 PR.PT-3 # - ISO 27002-2013 A.9.1.1 # - ISO 27002-2013 A.9.2.2 # - ISO 27002-2013 A.9.2.3 # - ISO 27002-2013 A.9.2.4 # - ISO 27002-2013 A.9.2.5 # - ISO 27002-2013 A.9.2.6 # - ISO 27002-2013 A.9.3.1 # - ISO 27002-2013 A.9.4.1 # - ISO 27002-2013 A.9.4.2 # - ISO 27002-2013 A.9.4.3 # - ISO 27002-2013 A.9.4.4 # - PCI DSS 3.2 2.1 # - PCI DSS 3.2 7.1 # - PCI DSS 3.2 7.2 # - PCI DSS 3.2 7.3 # - PCI DSS 3.2 8.1 # - PCI DSS 3.2 8.2 # - PCI DSS 3.2 8.3 # - PCI DSS 3.2 8.7