+5
Pending Review

SYSLOG: Include Admin Access and Account Add/Modify/Changes for Audit/SEIM Integration

ltateyama 4 years ago updated by SamISE 1 month ago 2

I understand that the syslog functionality of ScreenConnect DOES NOT INCLUDE logging of administrative logins, administrative account creations, password changes, modifications of account (ex: turn of 2FA), etc.

As this is required as part of our audit practices I would like to request that this information be included in the syslog stream.  Additionally this would give our SEIM the ability to notify us real time when unusual activity occurs on privileged accounts.

After the latest incident, this should be more than pending review! This is an absolute must as there is not an automated way to get these logs through a Windows event log entry.

Agreed, I was pretty disappointed to see that security events are not currently in scope of the syslog function. Failed/successful logins, IP source etc. are all valuable in a SIEM for data correlation and event timelining. Can we please have these added ?