add the ability to audit login failures/successes for logging in to the web interface
add the ability to audit login failures/successes for logging in to the web interface
add the ability to audit login failures/successes for logging in to the web interface
From CW#7590390:
Would like to be able to audit when users login to ScreenConnect instance, including failures. Would also like to be able to receive email notifications when failed login attempts occur on site.
Hello
When someone logs on to the web interface, Id like to log it and send it to a syslog ( more specifically Elastic Stack ) to not only keep logs but to meet certain compliance requirements.
We have ScreenConnect ( or ConnectWise ) installed on Windows on prem.
Where are these audit logs located?
Thank you
Please add this feature that can log user login history for audit and investigation.
What about logging the real, source IP? CC only logs the reverse proxy's IP address even though my reverse proxies (I tested a couple of different ones) are sending the source IP in the headers (i.e. x-forward-for, real-ip, etc). Not very effective if you can't audit the source IP. Many customers put CC behind a WAF or rproxy.
Event.EventType = 'LoginAttempt' AND Event.OperationResult = 'PasswordInvalid'
Thanks I did find a video on this later in the evening. Is there some way to allow this to report back even if the username is not valid? Anyone trying to get in brute force is more than likely NOT going to know our username.
I tried to use this event but it does not work Event.EventType = 'PasswordInvalid'
Can this audit FAILED logins only? I see LOGIN attempt but I need to sift through them all to find if any failed. If this is possible, is there a way to create a trigger to email us on failed login attempts?
Event.EventType = 'LoginAttempt' AND Event.OperationResult = 'PasswordInvalid'
Will login attempts be sent to SYSLOG? I'm sure that is what everyone is waiting for
Hi Luke,
Once security events are triggerable, we'll be able to update the Syslog Ext.
Hey there! Cody is correct, the next plan for the security events are to make them reportable (will be available soon). We will then work on adding security events to our Triggers, which is slated for later in Q3.
Will login attempts be sent to SYSLOG? I'm sure that is what everyone is waiting for
Hey there! Cody is correct, the next plan for the security events are to make them reportable (will be available soon). We will then work on adding security events to our Triggers, which is slated for later in Q3.
Trying to figure a method to be able to query login events directly for quick and dirty reporting, rather than through a 3rd party (a la Syslog as you laid out).
You might be able to do it via API but that's nothing I've any experience with personally.
Next steps with this from Control's end developmentally would likely be add into the reporting the ability to show authentication failures/successes, as well as via the dashboard visualize on successful/failed logon attempts (with the ability for it to just from the dashboard click and tell ya what you need/want)
Good luck!
Trying to figure a method to be able to query login events directly for quick and dirty reporting, rather than through a 3rd party (a la Syslog as you laid out).
Partner stated that he would like a email notification when there is a successful or failed login