Security

how to pull authentication logs from duosecurity

avshch
New Member

Hello,
How to pull authentication logs from duosecurity (www.duo.com) 2FA cloud service provider.
Any help is appreciated.
Thanks,

0 Karma

MuS
Legend

Hi avshch,

I have no idea about duo security, but I can google that for you http://bfy.tw/4ro7 and found this https://duo.com/docs/adminapi#logs

Which means you can get your logs using the API from duo.com ; that said you should be able to use the REST Modular input https://splunkbase.splunk.com/app/1546/ to pull the logs and index them in Splunk.

Hope that helps ...

cheers, MuS

bmacias84
Champion

Yes this is true, but you will need a custom handler and will need to track the ** mintime** request param to prevent duplicate events.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...