At Astra, we understand that different organizations have different security policies. Some of our automated vulnerability scan rules include brute-force testing to simulate real-world attack scenarios. However, if your environment restricts such testing, you can disable these rules at your discretion.
This guide outlines how you can manage or disable the following brute-force rules in your automated scanning:
- Email Enumeration in Login Page
- Bruteforceable Login Page
- Missing Rate Limit on Forgot Password
- Possible Name Enumeration
If you're unsure about disabling rules or would like us to configure them for you, please raise a support ticket. Our team will promptly assist you in customizing your scanner configuration. Please find the documentation for raising a support ticket here.
Q: Will disabling brute-force rules affect the accuracy of the scan?
A: Only for findings that depend on the disabled rules, i.e. vulnerabilities related to credential security such as those listed above. Other types of vulnerabilities (e.g., XSS, SQLi, misconfigurations) will still be detected.