add the ability to audit login failures/successes for logging in to the web interface

Avatar
  • updated
  • Completed

add the ability to audit login failures/successes for logging in to the web interface

Duplicates 4
Notification on failed and successful logins

Partner stated that he would like a email notification when there is a successful or failed login

Log site logins with notification capabilities

From CW#7590390:

Would like to be able to audit when users login to ScreenConnect instance, including failures. Would also like to be able to receive email notifications when failed login attempts occur on site.

Audit logs of when someone logs on (successfully or failure) into the web interface?

Hello

When someone logs on to the web interface, Id like to log it and send it to a syslog ( more specifically Elastic Stack ) to not only keep logs but to meet certain compliance requirements.

We have ScreenConnect ( or ConnectWise ) installed on Windows on prem.

Where are these audit logs located?

Thank you

log user login history

Please add this feature that can log user login history for audit and investigation.

Avatar
4
Ryan

He would also like a trigger that sends him an email in case of login success/failure

Avatar
4
TheCaptain

I like this idea,

Would be nice to have something like this to know if someone is attempting to abuse the service we would be able to take action.

Email notification if there are X amount of failed login attempts over X period of time.

Avatar
1
Steven

This information should be able to be obtained on the client machine directly as well, in case the machine isn't connecting to the server to provide it's information to be seen in the web interface.

Avatar
0
anonymous
  • Pending Review
Avatar
0
Mike Bannerman Team Member
  • Under Review
Avatar
0
Mike Bannerman Team Member
  • Roadmapped
Avatar
0
anonymous
  • Planning
Avatar
2
TheCaptain

Additionally, to add on to what I listed above.

Will there be any options or plans in the future to also have an automatic block feature where if someone failed 5 logon attempts consecutively in a 30 minute time period it would deny connections from their IP address? From there you could determine if it will automatically lift the block after X amount of time or be a permanent block.

Side note we'd have to be careful with this because if lets say some internal person fat fingered their pass 5 times and they were at a client location trying to log on, would it deny connections from all clients at that location coming from that IP address?...

Just food for thought.





Avatar
1
Mike Bannerman Team Member
  • Under Review
Avatar
1
anonymous
  • Roadmapped


Top contributors

Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar