Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Duo Logs Configuration

            Modified on Wed, 06 Mar 2024 at 08:15 AM

            TABLE OF CONTENTS

            Part 1: Generate Duo App Integration and Secret Key

            1. Log in to the Duo dashboard for your organization as the owner account.

            2. In the left navigation pane, select 'Applications'.


            3. Select 'Protect an Application', then use the search bar locate 'Admin API'.


            4. Select 'Protect' for the Admin API application to begin the configuration.

            5. Admin API configuration:
              1. Details: Record the following for future reference: Integration Key, Secret Key, API Hostname.


              2. Settings: 
                1. Permissions: Select 'Grant read log'.


                2. Network for API access: Add the network CIDR you wish to grant inbound access for API calls. If nothing is specified, all inbound access is allowed.


                3. Notes: Add any relevant notes.

              3. Select 'Save Changes' to complete.

            Part 2: Configure ARIA ADR Duo Log Ingestion

            1. Log in to the APE Dashboard and access your tenant.

            2. In the left navigation pane, select 'Provisioning > Add-on Devices > Add-on Configuration'.


            3. Select 'Add' to begin configuration. In the menu, locate 'Duo Log / Duo Security' and select it.


            4. Fill in the text boxes as follows:
              1. Device: Duo Log.

              2. Name: Choose a descriptive name (e.g. "Duo Security Logs").

              3. CCE Host: CCE IP Address. If unsure, check 'System > Log/Flow Collection Status'.

              4. Access ID / User Name: Use the Integration key recorded from Duo configuration.

              5. Password/Secret Key: Use the secret key recorded from Duo configuration.

              6. Config: Paste the following, replacing <API_HOSTNAME> with the API hostname recorded from Duo configuration.
                {"api_host": "<API_HOSTNAME>"}


            5. When finished, select 'Save'.


            Part 3: Verify Duo Log Ingestion

            1. Log in to the APE UI and access your tenant.

            2. If the left navigation pane, select 'System > Log/Flow Collection Status'.

            3. If configured correctly, you will see an entry with your CCE IP with the Device Type of 'duo'.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0