add the ability to audit login failures/successes for logging in to the web interface

  • updated
  • Completed


Duplicates 4
Notification on failed and successful logins

Partner stated that he would like an email notification when there is a successful or failed login.

Log site logins with notification capabilities

From CW#7590390:

Would like to be able to audit when users log in to ScreenConnect instance, including failures. Would also like to be able to receive email notifications when failed login attempts occur on site.

Audit logs of when someone logs on (successfully or failure) into the web interface?

Hello

When someone logs on to the web interface, I'd like to log it and send it to a syslog (more specifically Elastic Stack) to not only keep logs but to meet certain compliance requirements.

We have ScreenConnect (or ConnectWise) installed on Windows on-prem.

Where are these audit logs located?

Thank you

log user login history

Please add this feature that can log user login history for audit and investigation.

8
Blaine Y

Are you guys going to take security seriously and implement this? I should know that clients are locked out of their accounts or an attack is underway before they do.

We are still waiting

1
Scott D

Could not agree more!

1
LukeF

We are using the Syslog extension to our SIEM tool, which is working well. However, this only seems to log information about authorised sessions and connections to remote machines. It should also log connections to the Control web interface. Can you please look at this ASAP, as like everyone else, we take security very seriously and currently it seems ConnectWise do not.

1
CFBDAVE

We NEED this too. I'm shocked 4 years later this STILL is not an option.

0
jp

We also NEED this. Doesn't matter if 2FA is enabled, someone can still bring the server to its knees with invalid attempts.

I need at least a log file of attempts to the web interface, but also a log of attempts on the relay server port.

1
Rich Correa

I have not seen any moderators or ConnectWise support specialists reply to this thread at all. Is anyone updating this thread, and can we get answers as to why these features are not already in place? My firm recently switched to ConnectWise and Control and these audit features were sold to us as being "Already in place." That is obviously not the case. Can someone from ConnectWise please respond to all of our inquiries? JP is right, 2FA does not resolve these issues. Please respond.

0
Caitlin M Barnes Team Member

Hi Rich, 

We are still actively reviewing this feature and how best to architect it. Security is our top priority, and something we take very seriously. As to what you were told about login auditing when you purchased the product -- we'll have to follow up with Sales and make sure all information is correctly relayed. 

1
john
Quote from Caitlin M Barnes

Hi Rich, 

We are still actively reviewing this feature and how best to architect it. Security is our top priority, and something we take very seriously. As to what you were told about login auditing when you purchased the product -- we'll have to follow up with Sales and make sure all information is correctly relayed. 

Your statement ("Security is our top priority")  CAN'T be true AND this security bug be outstanding for over 4 years. ConnectWise has prioritized hundreds of enhancements and fixes for years and neglected to resolve this. 


You are not responding to an ignorant audience that is going to simply believe it is something "[you] take very seriously" because you said. We can all see how this has been handled.

0
Justin Shafer

https://controlforum.connectwise.com/yaf_postsm28485findunread_fail2ban-working-example.aspx

Works great on self hosted.

I now have a log of successful and failed logins by IP and ban appropriately. If you set your timezone, be sure to reboot or fail2ban won't work...

Port setting should be whatever ports you want banned.

1
Cody Arnold

Justin, the solution needs to be something that is native to the platform and supportable by the vendor themselves. Use of 3rd party apps and a configuration that is not supported by the vendor puts you in a position where you can be out of compliance if the modification breaks and doesn't work.
