Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

how to pull authentication logs from duosecurity

avshch
New Member
‎03-21-2016 09:02 AM

Hello,
How to pull authentication logs from duosecurity (www.duo.com) 2FA cloud service provider.
Any help is appreciated.
Thanks,

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎03-21-2016 01:47 PM

Hi avshch,

I have no idea about duo security, but I can google that for you http://bfy.tw/4ro7 and found this https://duo.com/docs/adminapi#logs

Which means you can get your logs using the API from duo.com ; that said you should be able to use the REST Modular input https://splunkbase.splunk.com/app/1546/ to pull the logs and index them in Splunk.

Hope that helps ...

cheers, MuS

Reply

bmacias84
Champion
‎03-21-2016 03:36 PM

Yes this is true, but you will need a custom handler and will need to track the ** mintime** request param to prevent duplicate events.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...