Security

Duo Security - 2Factor Auth

j666gak
Communicator

Hello,

I have just installed Splunk on my VPS. Being internet facing I wanted 2factor auth, the only program I could see was Duo Security. I have installed their module from GitHub, and followed the install instructions as directed. However, once I enter the credentials it is forwarded on to another page showing 'Invalid Integration'

So my question is if anybody else is using the integration? and also if anybody is using with Splunk 6? could really use some help to get it fixed please.

I am using CentOS 6.5

Cheers

0 Karma

tawollen
Path Finder

This should help you. Duo currently broken for anything > 6.2, here is a fix..

https://answers.splunk.com/answers/318889/duo-security-broken-in-splunk-63.html

0 Karma

wrangler2x
Motivator

I was using duo 2-F on my splunkweb on 5.1.3 and it worked fine. But after I upgraded to 6.1.4 (which wiped-out the duo code) and installed the latest duo code following these directions https://www.duosecurity.com/docs/splunk it broke splunkweb. Actually, more correctly, it worked the first time I logged on then after that quit working. I'm not using it now.

0 Karma

wrangler2x
Motivator

It works great on the 6.5 release and up, and is built into Splunk now. Go to settings, How to set it up here: https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/ConfigureDuo

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...