My BES Compliance Report data imports are failing.
When I try to update the Data Source settings, it says I have an API failure.
So I open my BES Server’s server_audit log and see “|INFO||||||fake-account-name: Too many log in attempts. (API Connection)”
Is there a way to increase how many log in attempts are allowed?
Alternately, is there a way to see what IP is trying to log in with each of these messages?
Should be possible using the AccountLockoutThreshold advanced option …
https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Installation/c_advanced_options.html
To identify the IP is maybe possible enabling the tracing of the server and checking for the specific request api/login
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0023389
Thanks @gpoliafico , that got me halfway there.
I set the lockout threshold to 15 and the lockout duration to 0.
Digging through the Relay and Server Audit logs, I found the BigFix main server itself was locking the service account out.
Turned out my BigFix Server Plugin Service (REST API) was locking the account out.
I used this to update the API credentials for REST, and it seems good now.
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0023347