Justin - can we really attribute that ransomware to Screen Connect?  or just to "not using 2FA" in general?  Seems a little disingenuous.

Regardless if 2FA is implemented - auditing login attempts to the web port, and traffic to the relay port, is something we should all want, and not because of satisfying some compliance requirement - but because you should be reviewing all traffic and making firewall rules to prevent unwanted traffic - on a daily basis.  Are we IT professionals here, or are we just a manager looking to check another box on the joke that is a compliance survey?

It's disappointing that after jacking the price of ScreenConnect up 1000 X all that's been accomplished under ConnectWise is a massive effort to sell the product as a cloud service, instead of real thoughtfulness to security.  Auditing (at least logs) of connection attempts to the web and relay ports should be made available - somehow - and regardless if you're using the cloud service or an on-prem install.  Don't get me started on all the things your missing by running in the cloud - on prem is still a requirement for some business that aren't drinking the cool-aid.

We also NEED this.  Doesn't matter if 2FA is enabled, someone can still bring the server to it's knees with invalid attempts.

I need at least a log file of attempts to the web interface, but also a log of attempts on the relay server port.