add the ability to audit login failures/successes for logging in to the web interface
add the ability to audit login failures/successes for logging in to the web interface
Welcome to our community!
Duplicates 4
Notification on failed and successful logins
Log site logins with notification capabilities
From CW#7590390:
Would like to be able to audit when users login to ScreenConnect instance, including failures. Would also like to be able to receive email notifications when failed login attempts occur on site.
Audit logs of when someone logs on (successfully or failure) into the web interface?
Hello
When someone logs on to the web interface, Id like to log it and send it to a syslog ( more specifically Elastic Stack ) to not only keep logs but to meet certain compliance requirements.
We have ScreenConnect ( or ConnectWise ) installed on Windows on prem.
Where are these audit logs located?
Thank you
log user login history
Please add this feature that can log user login history for audit and investigation.
Replies 78
I second this.
We'd love to see a way that we can look through logs so we can block offenders that are attempting to abuse the system.
For some organizations this would be a dealbreaker not having audit logs for failed logon attempts.
...an argument could be made that the lack of an audit log makes use of Connectwise Control in Healthcare (HIPAA regulated) and Financial Services (Sarbanes-Oxley regulated) illegal and in violation of their respective requirements of: Maintain and auditing access logs.
https://www.securitymetrics.com/blog/what-are-hipaa-compliant-system-logs
Event, audit, and access logging are required for HIPAA compliance. HIPAA requires you to keep logs for at least six years. These three HIPAA requirements apply to logging and log monitoring:
- § 164.308(a)(5)(ii)(C): Log-in monitoring (Addressable). [Implement procedures] for monitoring log-in attempts and reporting discrepancies.
- § 164.312(b): Audit controls (Required). Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
- § 164.308(a)(1)(ii)(D): Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
How is this not a thing yet? This is a feature I would have expected to be standard by now, especially with all of the MSP hijacking going on lately. Being able to track login attempts by IP I would consider essential, seems like it shouldn't be too difficult to implement given that we already get notified of successful sign-ins from new locations.
Partner stated that he would like a email notification when there is a successful or failed login