...
Duo Security is a user-centric access security platform that uses two-factor authentication to protect access to sensitive data for all users, devices, and applications.
Connecting Duo with Devo SOAR
Navigate to Automations > Integrations.
Search for Duo.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Hostname: The API hostname used to connect to Duo.
Integration Key: The integration key used to connect to Duo.
Secret Key: The secret key used to connect to Duo.
After you've entered all the details, click Connect.
Actions for Duo
Get Authentication Logs
Retrieves a list of authentication log events.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Start Time | Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
End Time | Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
Maximum Results | The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls. | Optional |
Output
A JSON object containing multiple rows of result:
...
## Get Administrator Logs

Retrieves a list of administrator log events.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :-------- | :-------- | :-------- |
| Start Time | Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
| End Time | Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
| Maximum Results | The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls. | Optional |

### Output

A JSON object containing multiple rows of result:

- has_error: True/False
- error: message/null
- result: List of events.

```json
{
  "action": "integration_skey_view",
  "description": null,
  "error": null,
  "has_error": false,
  "isotimestamp": "2020-10-13T09:54:57+00:00",
  "object": "Admin API",
  "timestamp": 1602582897,
  "username": "ghhh bh"
}
```
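The following is an added example, not part of the Devo or Duo documentation: a triage pass over Get Administrator Logs output that keeps only watched actions inside a Start Time/End Time window, comparing times as timezone-aware values. It assumes each row has the shape of the sample event above (event fields next to `has_error` and `error`); the function name, the watch list and every sample row except the first are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: the actions worth a review. Only "integration_skey_view" comes
# from this page; extend the set with action names seen in your own tenant.
WATCHED_ACTIONS = frozenset({"integration_skey_view"})


def triage_admin_rows(rows, start_iso, end_iso, watched=WATCHED_ACTIONS):
    """Return ({username: [rows]}, [problems]) for watched actions in the window."""
    # Start/End Time carry a UTC offset, so parse them as aware datetimes
    # instead of comparing strings against the "+00:00" isotimestamp values.
    start = datetime.fromisoformat(start_iso)
    end = datetime.fromisoformat(end_iso)
    hits, problems = defaultdict(list), []
    for row in rows:
        # A failed row must not be read as "no admin activity".
        if row.get("has_error"):
            problems.append(f"action error: {row.get('error')}")
            continue
        when = datetime.fromtimestamp(row["timestamp"], tz=timezone.utc)
        # Both time fields describe one instant; a mismatch points to a
        # mangled record, so report it rather than trusting either field.
        if when != datetime.fromisoformat(row["isotimestamp"]):
            problems.append(f"timestamp mismatch: {row['isotimestamp']}")
            continue
        if start <= when <= end and row["action"] in watched:
            hits[row["username"]].append(row)
    return dict(hits), problems


# Constructed sample rows: the first is the event shown on this page, the
# other two are made up (an unwatched action and an inconsistent record).
SAMPLE_ROWS = [
    {"action": "integration_skey_view", "description": None, "error": None,
     "has_error": False, "isotimestamp": "2020-10-13T09:54:57+00:00",
     "object": "Admin API", "timestamp": 1602582897, "username": "ghhh bh"},
    {"action": "example_action", "description": None, "error": None,
     "has_error": False, "isotimestamp": "2020-10-13T10:00:00+00:00",
     "object": "Admin API", "timestamp": 1602583200, "username": "example admin"},
    {"action": "integration_skey_view", "description": None, "error": None,
     "has_error": False, "isotimestamp": "2020-10-13T11:00:00+00:00",
     "object": "Admin API", "timestamp": 1602583200, "username": "example admin"},
]

if __name__ == "__main__":
    print(triage_admin_rows(SAMPLE_ROWS, "2020-10-13T00:00:00-07:00",
                            "2020-10-13T23:59:59-07:00"))
```

A window starting at `2020-10-13T03:00:00-07:00` begins at 10:00 UTC, so it excludes the 09:54:57 UTC event even though a plain string comparison of the two timestamps would include it.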
Get Telephony Logs
Retrieves a list of telephony log events.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Start Time | Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
End Time | Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
Maximum Results | The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls. | Optional |
Output
A JSON object containing multiple rows of result:
...
## Get Offline Enrollment Logs

Returns a list of Duo Authentication for Windows Logon offline enrollment events.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :-------- | :-------- | :-------- |
| Start Time | Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
| End Time | Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
| Maximum Results | The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls. | Optional |

### Output

A JSON object containing multiple rows of result:

- has_error: True/False
- error: message/null
- result: List of events.

```json
{
  "action": "o2fa_user_provisioned",
  "description": "{user_agent: DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server), hostname: WKSW10x64, factor: duo_otp}",
  "isotimestamp": "2019-08-30T16:10:05+00:00",
  "object": "Acme Laptop Windows Logon",
  "timestamp": 1567181405,
  "username": "narroway"
}
```
Release Notes
v2.0.0
- Updated architecture to support IO via filesystem
...