Duo Security
Version: 2.0.0
Duo security is a user-centric access security platform with two-factor authentication to protect access to sensitive data for all users, devices, and applications.
Connecting with Duo with LogicHub
- Navigate to Automations > Integrations.
- Search for Duo.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- API Hostname: The API Hostname to connect to the Duo.
- Integration Key: The Integration key to connect to the Duo.
- Secret Key: The Secret key to connect to the Duo.
- After you've entered all the details, click Connect.
Actions for Duo
Get Authentication Logs
Retrieves a list of authentication log events.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Start Time | Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
| End Time | Enter the value for end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
| Maximum Results | The maximum number of records returned. Must be greater than zero (Default is 100000). As API returns a maximum of 1000 records at a time so for a higher value of limit (Example 10,000) this action requires multiple API calls. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of events.
{
"access_device": {
"browser": "Chrome",
"browser_version": "85.0.4183.102",
"flash_version": null,
"hostname": null,
"ip": "10.177.127.101",
"is_encryption_enabled": "unknown",
"is_firewall_enabled": "unknown",
"is_password_set": "unknown",
"java_version": null,
"location": {
"city": "ddd",
"country": "dd",
"state": "ddddd"
},
"os": "Mac",
"os_version": "15"
},
"alias": "unknown",
"application": {
"key": "DI4IPHM9IA46JVQNRYRQN0",
"name": "portal"
},
"auth_device": {
"ip": null,
"location": {
"city": null,
"country": null,
"state": null
},
"name": null
},
"email": null,
"error": null,
"event_type": "enrollment",
"factor": "not_available",
"has_error": false,
"isotimestamp": "2020-10-06T16:07:11.555020+00:00",
"ood_software": null,
"reason": null,
"result": "success",
"timestamp": 1602000431,
"txid": "771ac38f-7b77-4bfb-8822-d53f464964af1e",
"user": {
"groups": [],
"key": "DU6V6DU9GQFD2R8W9D2U2G",
"name": "aaaaa"
}
}
Get Administrator Logs
Retrieves a list of administrator log events.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Start Time | Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
| End Time | Enter the value for end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
| Maximum Results | The maximum number of records returned. Must be greater than zero (Default is 100000). As API returns a maximum of 1000 records at a time so for a higher value of limit (Example 10,000) this action requires multiple API calls. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of events.
{
"action": "integration_skey_view",
"description": null,
"error": null,
"has_error": false,
"isotimestamp": "2020-10-13T09:54:57+00:00",
"object": "Admin API",
"timestamp": 1602582897,
"username": "ghhh bh"
}
Get Telephony Logs
Retrieves a list of telephony log events.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Start Time | Enter the value for the start time in ISO 8601 format (Default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
| End Time | Enter the value for end time in ISO 8601 format (Default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
| Maximum Results | The maximum number of records returned. Must be greater than zero (Default is 100000). As API returns a maximum of 1000 records at a time so for a higher value of limit (Example 10,000) this action requires multiple API calls. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of events.
{
"context": "administrator login",
"credits": 5,
"error": null,
"has_error": false,
"isotimestamp": "2020-10-05T13:51:00+00:00",
"phone": "+167676655",
"timestamp": 1601905860,
"type": "sms"
}
Get Offline Enrollment Logs
Returns a list of Duo Authentication for Windows Logon offline enrollment events.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Start Time | Enter the value for the start time in ISO 8601 format (Default is Batch start time). Example: 2020-09-01T22:02:24-07:00. | Optional |
| End Time | Enter the value for end time in ISO 8601 format (Default is Batch end time). Example: 2020-09-02T22:02:24-07:00. | Optional |
| Maximum Results | The maximum number of records returned. Must be greater than zero (Default is 100000). As API returns a maximum of 1000 records at a time so for a higher value of limit (Example 10,000) this action requires multiple API calls. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of events.
{
"action": "o2fa_user_provisioned",
"description": "{user_agent: DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server), hostname: WKSW10x64, factor: duo_otp}",
"isotimestamp": "2019-08-30T16:10:05+00:00",
"object": "Acme Laptop Windows Logon",
"timestamp": 1567181405,
"username": "narroway"
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystem
Updated 6 months ago