Welcome to our community!

SYSLOG: Include Admin Access and Account Add/Modify/Changes for Audit/SEIM Integration

Avatar
ltateyama
  • updated
  • Pending Review

I understand that the syslog functionality of ScreenConnect DOES NOT INCLUDE logging of administrative logins, administrative account creations, password changes, modifications of account (ex: turn of 2FA), etc.

As this is required as part of our audit practices I would like to request that this information be included in the syslog stream.  Additionally this would give our SEIM the ability to notify us real time when unusual activity occurs on privileged accounts.

Replies 2
Avatar
0
Damon VTG

After the latest incident, this should be more than pending review! This is an absolute must as there is not an automated way to get these logs through a Windows event log entry.

Avatar
0
SamISE

Agreed, I was pretty disappointed to see that security events are not currently in scope of the syslog function. Failed/successful logins, IP source etc. are all valuable in a SIEM for data correlation and event timelining. Can we please have these added ?



Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar