Duo Security
Source Connector
Overview
This source connector fetches logs from the Duo Admin API.
Streams
| Data Source | Stream Name |
|---|---|
| Authentication Logs | authentication_logs |
| Authentication Logs (Legacy v1) | administrator_logs |
| Activity Logs | activity_logs |
| Offline Enrollment Logs | offline_enrollment_logs |
| Telephony Logs (Legacy v1) | telephony_logs |
Prerequisites
Duo Security HTTP requests to the REST API are protected with HTTP Basic authentication. You will use your Duo Security Integration Key as the username and your Secret Key as the password for HTTP Basic authentication along with the API hostname.
Under Protect an Application, locate the entry for Admin API in applications list. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. You'll need this information to complete your setup.
Find more details about setting up Admin API here.
Configuration
| Field | Required | Description | |
|---|---|---|---|
| Start Date | no | Date and time in UTC. Authentication logs before this datetime will not be replicated. | 2020-10-01T00:00:00Z |
Authentication
| Field | Required | Description | Example |
|---|---|---|---|
| API Hostname | yes | API Hostname | api-12345678.duosecurity.com |
| Integration Key | yes | API Integration Key | ABC123...GH789JK |
| Secret Key | yes | API Secret Key | abc123...kx9ZFPH |
Connector Limitations
- The API is limited by a rate limit of 1 call/minute. Meaning running 2 tests in the same minute may fail, or running a test while a connector is running may cause either the test or the connector's API request to fail.
- Data ingestion may be affected by the Log Retention settings in the Duo Admin Panel.
Updated 7 days ago