+51
Considering for Future Release

add the ability to audit login failures/successes for logging in to the web interface

Ryan 4 years ago updated by David T 2 weeks ago 17 2 duplicates


+1

He would also like a trigger that sends him an email in case of login success/failure

+2

I like this idea.

Would be nice to have something like this: if we knew someone was attempting to abuse the service, we would be able to take action.

Email notification if there are X amount of failed login attempts over X period of time.

+1

This information should be able to be obtained on the client machine directly as well, in case the machine isn't connecting to the server to provide its information to be seen in the web interface.

Under Review
+1

Additionally, to add on to what I listed above:

Will there be any options or plans in the future to also have an automatic block feature where if someone failed 5 logon attempts consecutively in a 30 minute time period it would deny connections from their IP address? From there you could determine if it will automatically lift the block after X amount of time or be a permanent block.

Side note: we'd have to be careful with this because if, let's say, some internal person fat-fingered their pass 5 times and they were at a client location trying to log on, would it deny connections from all clients at that location coming from that IP address?...

Just food for thought.
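The two rules proposed in this thread (an email when there are X failed logins over X period, and a temporary block after 5 consecutive failures in 30 minutes) are both a sliding-window count over the login audit log the request asks for, and the shared-IP worry above is a question of what the counter is keyed on. The Python below is an added example written for this thread, not code from ConnectWise or from any poster; the log line layout, the LOGIN_FAILURE/LOGIN_SUCCESS event names, the usernames and the addresses are constructed assumptions, since the product's real log format is not shown here. By default it keys on source IP plus username, so a whole client site behind one NAT address is not blocked because one person mistyped a password, and it also runs the IP-only variant to show the difference.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample audit log (hypothetical "timestamp EVENT user= ip=" layout).
# Scenarios: alice = 5 failures in 8 minutes; bob = 3 failures, a success, 3 more
# (not consecutive); carol/dave/erin = 2 failures each from one shared office IP;
# frank = 1 failure, then 4 more 40 minutes later (outside the 30-minute window).
SAMPLE_LOG = """\
2024-05-01T09:00:00Z LOGIN_FAILURE user=alice ip=203.0.113.10
2024-05-01T09:02:00Z LOGIN_FAILURE user=alice ip=203.0.113.10
2024-05-01T09:04:00Z LOGIN_FAILURE user=alice ip=203.0.113.10
2024-05-01T09:06:00Z LOGIN_FAILURE user=alice ip=203.0.113.10
2024-05-01T09:08:00Z LOGIN_FAILURE user=alice ip=203.0.113.10
2024-05-01T09:10:00Z LOGIN_FAILURE user=bob ip=198.51.100.7
2024-05-01T09:11:00Z LOGIN_FAILURE user=bob ip=198.51.100.7
2024-05-01T09:12:00Z LOGIN_FAILURE user=bob ip=198.51.100.7
2024-05-01T09:13:00Z LOGIN_SUCCESS user=bob ip=198.51.100.7
2024-05-01T09:14:00Z LOGIN_FAILURE user=bob ip=198.51.100.7
2024-05-01T09:15:00Z LOGIN_FAILURE user=bob ip=198.51.100.7
2024-05-01T09:16:00Z LOGIN_FAILURE user=bob ip=198.51.100.7
2024-05-01T09:20:00Z LOGIN_FAILURE user=carol ip=192.0.2.5
2024-05-01T09:21:00Z LOGIN_FAILURE user=carol ip=192.0.2.5
2024-05-01T09:22:00Z LOGIN_FAILURE user=dave ip=192.0.2.5
2024-05-01T09:23:00Z LOGIN_FAILURE user=dave ip=192.0.2.5
2024-05-01T09:24:00Z LOGIN_FAILURE user=erin ip=192.0.2.5
2024-05-01T09:25:00Z LOGIN_FAILURE user=erin ip=192.0.2.5
2024-05-01T10:30:00Z LOGIN_FAILURE user=frank ip=203.0.113.99
2024-05-01T11:10:00Z LOGIN_FAILURE user=frank ip=203.0.113.99
2024-05-01T11:11:00Z LOGIN_FAILURE user=frank ip=203.0.113.99
2024-05-01T11:12:00Z LOGIN_FAILURE user=frank ip=203.0.113.99
2024-05-01T11:13:00Z LOGIN_FAILURE user=frank ip=203.0.113.99
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, succeeded, user, ip)."""
    ts, outcome, user_kv, ip_kv = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, outcome == "LOGIN_SUCCESS", user_kv.split("=", 1)[1], ip_kv.split("=", 1)[1]


def detect_bruteforce(lines, threshold=5, window_minutes=30, key_by="ip_user"):
    """Return [(iso_timestamp, key)] for every key whose streak of consecutive
    failures inside the window first reaches `threshold`. A success resets the
    streak, which is the "5 consecutive failures in 30 minutes" rule above.
    key_by="ip_user" counts per (source IP, username); key_by="ip" counts per IP."""
    window = timedelta(minutes=window_minutes)
    streaks = defaultdict(deque)  # key -> timestamps of the current failure streak
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        when, success, user, ip = parse_line(line.strip())
        key = ip if key_by == "ip" else f"{ip}/{user}"
        streak = streaks[key]
        if success:
            streak.clear()  # a successful login ends the consecutive-failure streak
            continue
        streak.append(when)
        while streak and when - streak[0] > window:
            streak.popleft()  # drop failures older than the sliding window
        if len(streak) == threshold:  # fire once, when the threshold is first crossed
            alerts.append((when.isoformat(), key))
    return alerts


def build_blocklist(alerts, block_minutes=60):
    """Map each alerted key to the ISO time its temporary block expires
    (the "lift the block after X amount of time" option from the thread)."""
    return {
        key: (datetime.fromisoformat(when) + timedelta(minutes=block_minutes)).isoformat()
        for when, key in alerts
    }


def is_blocked(blocklist, key, now_iso):
    """True while `key` has an unexpired block at time `now_iso`."""
    expiry = blocklist.get(key)
    return expiry is not None and datetime.fromisoformat(now_iso) < datetime.fromisoformat(expiry)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("keyed on ip+user:", detect_bruteforce(lines))
    print("keyed on ip only:", detect_bruteforce(lines, key_by="ip"))
    blocks = build_blocklist(detect_bruteforce(lines))
    print("blocked at 09:30?", is_blocked(blocks, "203.0.113.10/alice", "2024-05-01T09:30:00+00:00"))
```

Keyed on IP plus username only alice's streak trips the rule; keyed on IP alone the shared office address 192.0.2.5 also trips it after six failures spread across three different people, which is exactly the site-wide lockout the comment warns about. Bob never alerts because his success resets the streak, and frank never alerts because his first failure has aged out of the 30-minute window. The same alert list can feed the email notification asked for earlier in the thread instead of, or as well as, the blocklist.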

+2

Seems like a no-brainer.

We have no way, from Screen Connect server, to determine if we are getting brute forced or not. 

+2

Still pending on this one? Maybe this should be moved up in the list now that you're enforcing 2FA and strongly encouraging use because of all the MSP targeted hacking going on of late. 

+1

I second this.

We'd love to see a way that we can look through logs so we can block offenders that are attempting to abuse the system.

For some organizations this would be a dealbreaker not having audit logs for failed logon attempts.

+2

...an argument could be made that the lack of an audit log makes use of Connectwise Control in Healthcare (HIPAA regulated) and Financial Services (Sarbanes-Oxley regulated) illegal and in violation of their respective requirements to maintain and audit access logs.

https://www.securitymetrics.com/blog/what-are-hipaa-compliant-system-logs

Event, audit, and access logging are required for HIPAA compliance. HIPAA requires you to keep logs for at least six years. These three HIPAA requirements apply to logging and log monitoring:

  • § 164.308(a)(5)(ii)(C): Log-in monitoring (Addressable). [Implement procedures] for monitoring log-in attempts and reporting discrepancies.
  • § 164.312(b): Audit controls (Required). Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
  • § 164.308(a)(1)(ii)(D): Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.