Have y'all considered sending syslog data into a SIEM or utilizing a WAF like a FortiWeb which can protect against credential stuffing or block connections to it by poor IP rep?

I'm not excusing the fact that there is a lack of visibility by failing to add audit logs to it, right now we track sign-ins via Duo because we're using Duo for MFA & all authentication must be via MFA.

+1. This is very much something that would be useful.

Having something automated  help immensely. otherwise people would need to have people hunting logs to find offenders to add manually or script something out in a SIEM to where if a certain event with a specific IP was registered more than X times within a specific time frame to go do this at which point could be someone accessing a firewall via CLI or something to block an IP or whatever. pain in the ass is what that'd be.

Even having some form of alerting which would allow us to have a notification go out if we received like X amount of failed attempts from a single IP within 5 minutes or something would be useful too because I do have a "Shitlist" so to speak that is maintained on our firewalls to block abusive traffic.

I’ve been curious to know how much a web application firewall could benefit. Something like a fortinet WAF. Using fortiguards reputation database to proactively block stuff based on IP reputation or the AI behavior based learning. problem is a WAF gets expensive. 

It’s also probably not super easy to build anything into the Product either

some people might be able to use a SIEM to look for logon failures or something and create an automation to add offending IP’s of consecutive logon failures into their firewall rule block list or something but still nothing is gonna be as good as an actual block list within the software itself and visibility into logon attempts whether they’re successful or not 

justin, the solution needs to be something that is native to the platform and supportable by the vendor themselves. Use of 3rd party apps and a configuration that is not supported by The vendor puts you in a position where you can be out of compliance if the modification breaks and doesn’t work.

I second this.

We'd love to see a way that we can look through logs so we can block offenders that are attempting to abuse the system.

For some organizations this would be a dealbreaker not having audit logs for failed logon attempts.

Per the email 

" 1. Build an extension that adds a button to the interface for an admin to manually end sessions that meet the criteria set (host disconnection time, guest disconnection time, and host + guest disconnection time). These will be extension settings."

I second this.

This is a much needed feature.

Where is this setting at?

I would like to implement this myself, I imagine it is something to be changed in the web.config?

I could see where this could be useful.

Reboot PC, If host is still connected have chat pull all content from when host originally connected for that session and display in the chat screen still until host disconnects, then clear it out.

Example. If host connected at 12:03PM, and you reboot at 12:08PM session would see that there is a connection as soon as it came back up, autopopulate chat screen based on knowing the session wasn't disconnected from the host side since 12:03 so all chat since 12:03 would get autopopulated back into the chat field until host disconnects then it would clear out.

including feature that allows easier searching of the logs whether it be by time frame or time frame and name of machine/user who was connected