SYSLOG: Include Admin Access and Account Add/Modify/Changes for Audit/SEIM Integration
I understand that the syslog functionality of ScreenConnect DOES NOT INCLUDE logging of administrative logins, administrative account creations, password changes, modifications of account (ex: turn of 2FA), etc.
As this is required as part of our audit practices I would like to request that this information be included in the syslog stream. Additionally this would give our SEIM the ability to notify us real time when unusual activity occurs on privileged accounts.
Agreed, I was pretty disappointed to see that security events are not currently in scope of the syslog function. Failed/successful logins, IP source etc. are all valuable in a SIEM for data correlation and event timelining. Can we please have these added ?