Duo Security

Duo Security is a user-centric access security platform with two-factor authentication to protect access to sensitive data for all users, devices, and applications.

Integration with LogicHub

Connecting with Duo

To connect to Duo, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Hostname: The API hostname used to connect to Duo.
  • Integration Key: The integration key used to connect to Duo.
  • Secret Key: The secret key used to connect to Duo.

Actions with Duo

Get Authentication Logs

Retrieves a list of authentication log events.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Start Time (Optional): Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00.
  • End Time (Optional): Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00.
  • Maximum Results (Optional): The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of events.
{
  "access_device": {
    "browser": "Chrome",
    "browser_version": "85.0.4183.102",
    "flash_version": null,
    "hostname": null,
    "ip": "10.177.127.101",
    "is_encryption_enabled": "unknown",
    "is_firewall_enabled": "unknown",
    "is_password_set": "unknown",
    "java_version": null,
    "location": {
      "city": "ddd",
      "country": "dd",
      "state": "ddddd"
    },
    "os": "Mac",
    "os_version": "15"
  },
  "alias": "unknown",
  "application": {
    "key": "DI4IPHM9IA46JVQNRYRQN0",
    "name": "portal"
  },
  "auth_device": {
    "ip": null,
    "location": {
      "city": null,
      "country": null,
      "state": null
    },
    "name": null
  },
  "email": null,
  "error": null,
  "event_type": "enrollment",
  "factor": "not_available",
  "has_error": false,
  "isotimestamp": "2020-10-06T16:07:11.555020+00:00",
  "ood_software": null,
  "reason": null,
  "result": "success",
  "timestamp": 1602000431,
  "txid": "771ac38f-7b77-4bfb-8822-d53f464964af1e",
  "user": {
    "groups": [],
    "key": "DU6V6DU9GQFD2R8W9D2U2G",
    "name": "aaaaa"
  }
}
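
The rows this action returns can feed a simple detection, shown here as an added example that is not part of the LogicHub or Duo documentation: it flags a successful authentication that follows a burst of denied attempts for the same user, a pattern worth reviewing as possible push fatigue or credential guessing. The 600-second window, the threshold of 3, the event_type value "authentication", the result values "denied" and "fraud", the helper names and all sample rows are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

def find_denial_bursts(rows, window_s=600, threshold=3):
    """Flag each success preceded by >= threshold denials within window_s seconds."""
    recent = defaultdict(deque)  # user name -> timestamps of recent denials
    findings = []
    usable = [r for r in rows if not r.get("has_error")]  # skip action error rows
    for row in sorted(usable, key=lambda r: r.get("timestamp") or 0):
        if row.get("event_type") != "authentication":
            continue  # e.g. the "enrollment" event in the sample output
        user = (row.get("user") or {}).get("name")
        ts = row.get("timestamp")
        if not user or ts is None:
            continue
        denials = recent[user]
        while denials and ts - denials[0] > window_s:
            denials.popleft()  # outside the look-back window
        # Assumption: "denied" and "fraud" are the non-success result values.
        if row.get("result") in ("denied", "fraud"):
            denials.append(ts)
        elif row.get("result") == "success":
            if len(denials) >= threshold:
                findings.append({
                    "user": user,
                    "denials": len(denials),
                    "success_at": row.get("isotimestamp"),
                    "access_ip": (row.get("access_device") or {}).get("ip"),
                    "factor": row.get("factor"),
                })
            denials.clear()  # a success ends the streak
    return findings

def sample_row(offset, user, result, event_type="authentication"):
    """Build a constructed row with only the fields the detector reads."""
    ts = 1602000000 + offset
    return {"timestamp": ts, "event_type": event_type, "result": result,
            "isotimestamp": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
            "factor": "duo_push", "has_error": False, "error": None,
            "user": {"name": user}, "access_device": {"ip": "198.51.100.7"}}

SAMPLE_ROWS = [  # constructed data, not real Duo logs
    sample_row(0, "alice", "denied"), sample_row(60, "alice", "denied"),
    sample_row(120, "alice", "fraud"), sample_row(150, "alice", "success"),
    sample_row(0, "bob", "denied"), sample_row(4000, "bob", "success"),
    sample_row(100, "carol", "success", event_type="enrollment"),
    {"has_error": True, "error": "constructed error row", "result": None},
]

if __name__ == "__main__":
    print(find_denial_bursts(SAMPLE_ROWS))
```

Tune the window and threshold against your own baseline of denied attempts before alerting on the findings.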

Get Administrator Logs

Retrieves a list of administrator log events.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Start Time (Optional): Enter the value for the start time in ISO 8601 format (default is Batch start time). Example: 2020-09-01T22:02:24-07:00.
  • End Time (Optional): Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00.
  • Maximum Results (Optional): The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of events.
{
  "action": "integration_skey_view",
  "description": null,
  "error": null,
  "has_error": false,
  "isotimestamp": "2020-10-13T09:54:57+00:00",
  "object": "Admin API",
  "timestamp": 1602582897,
  "username": "ghhh bh"
}

Get Telephony Logs

Retrieves a list of telephony log events.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Start Time (Optional): Enter the value for the start time in ISO 8601 format (Default is Batch start time). Example: 2020-09-01T22:02:24-07:00.
  • End Time (Optional): Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00.
  • Maximum Results (Optional): The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of events.
{
  "context": "administrator login",
  "credits": 5,
  "error": null,
  "has_error": false,
  "isotimestamp": "2020-10-05T13:51:00+00:00",
  "phone": "+167676655",
  "timestamp": 1601905860,
  "type": "sms"
}

Get Offline Enrollment Logs

Returns a list of Duo Authentication for Windows Logon offline enrollment events.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Start Time (Optional): Enter the value for the start time in ISO 8601 format (Default is Batch start time). Example: 2020-09-01T22:02:24-07:00.
  • End Time (Optional): Enter the value for the end time in ISO 8601 format (default is Batch end time). Example: 2020-09-02T22:02:24-07:00.
  • Maximum Results (Optional): The maximum number of records returned. Must be greater than zero (default is 100000). Because the API returns a maximum of 1000 records at a time, a higher limit (for example, 10,000) requires multiple API calls.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of events.
{
  "action": "o2fa_user_provisioned",
  "description": "{user_agent: DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server), hostname: WKSW10x64, factor: duo_otp}",
  "isotimestamp": "2019-08-30T16:10:05+00:00",
  "object": "Acme Laptop Windows Logon",
  "timestamp": 1567181405,
  "username": "narroway"
}
