Security

how to pull authentication logs from duosecurity

avshch
New Member

Hello,
How to pull authentication logs from duosecurity (www.duo.com) 2FA cloud service provider.
Any help is appreciated.
Thanks,

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi avshch,

I have no idea about duo security, but I can google that for you http://bfy.tw/4ro7 and found this https://duo.com/docs/adminapi#logs

Which means you can get your logs using the API from duo.com ; that said you should be able to use the REST Modular input https://splunkbase.splunk.com/app/1546/ to pull the logs and index them in Splunk.

Hope that helps ...

cheers, MuS

bmacias84
Champion

Yes this is true, but you will need a custom handler and will need to track the ** mintime** request param to prevent duplicate events.

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...