Default Credentials Usage

Sigma Rules

Summary
This detection rule identifies the use of default credentials as reported by the Qualys vulnerability scanner. Its purpose is to highlight the risk posed by devices or applications whose default credentials have not been changed, since default credentials give attackers a significant vector for initial access. The rule is a Sigma-based detection that looks for specific vulnerability IDs associated with devices exhibiting default credential settings. Flagging these known vulnerabilities helps ensure that all assets are secured before deployment. Organizations are encouraged to follow security best practice and change default passwords before deploying an asset, which reduces the risk of unauthorized access. Compliance guidelines from organizations such as NIST and PCI DSS underscore the importance of this rule: they stress that default credentials must be changed to maintain a strong security posture.
Categories
  • Cloud
  • On-Premise
  • Infrastructure
  • Network
  • Application
Data Sources
  • Volume
  • Application Log
  • Process
  • Cloud Service
Created: 2019-03-26