Hello GlennMaxwell-2309,
Thank you for posting in our Q&A forum.
Would you please tell us which machine you are using third party vulnerability scanner?
These events occur on the computer that is authoritative for the credentials. For domain accounts, the Domain Controller is authoritative,
whereas for local accounts, the local computer is authoritative.
If you are on the Domain Controller, you can check whether the setting is set as Success and Failure within Default Domain Controller Policy manually.
Or you can run the command on the DC to check whether "Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\Audit Credential Validation" is set as Success and Failure.
auditpol /get /category:*
If you are on the one machine that is no DC, you can check whether the setting is set as Success and Failure by opening local group policy manually.
By default, this setting is "Not Configured", this means on client it is "No Auditing", on server it is set as "Success".
Hope the information above is helpful.
Best Regards,
Daisy Zhou
===============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.