Cisco Duo
- What is Discovered and Monitored
- Event Types
- Rules
- Reports
- Configuring Cisco Duo
- Configuring FortiSIEM
- Sample Events
What is Discovered and Monitored
Protocol | Information Discovered | Metrics/LOGs Collected | Used For |
---|---|---|---|
API | Host name and Device Type from LOG | 4 log types | Security and Compliance |
Event Types
Go to Admin > Device Type > Event Types and search for “Cisco-Duo”.
Rules
None
Reports
None
Configuring Cisco Duo
Follow these steps to configure Cisco Duo to send logs to FortiSIEM.
- Contact Cisco Duo support to enable the Admin API.
- Get a credential for Cisco Duo: open the Cisco Duo dashboard and go to Application > Admin API.
- Select the Integration key, Secret key, and API hostname options.
Configuring FortiSIEM
Follow these steps to configure FortiSIEM to receive Cisco Duo logs.
- In the FortiSIEM UI, go to ADMIN > Setup > Credentials.
- Click New to create a Cisco Duo credential.
Setting | Value |
---|---|
Name | Enter a name for the credential. |
Device Type | Cisco Duo Security |
Access Protocol | Cisco Duo Admin REST API |
Pull Interval (minutes) | 2 |
Integration Key | Enter the integration key you obtained from Cisco Duo. |
Secret Key | Enter the secret key you obtained from Cisco Duo. |
Description | Enter an optional description for the credential. |
- In Step 2, click Add to create a new association between the credential and the API hostname.
- Select Test Connectivity without Ping.
A pop-up will appear and show the connectivity results.
- Go to the ANALYTICS page and check for Cisco Duo logs.
Sample Events
These events are collected via API:
[FSM-CiscoDuo-Auth] [1] {"access_device":{"browser":"Chrome","browser_version":"67.0.3396.99","flash_version":"uninstalled","hostname":"null","ip":"169.232.89.219","java_version":"uninstalled","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"os":"Mac OS X","os_version":"10.14.1"},"application":{"key":"DIY231J8BR23QK4UKBY8","name":"Microsoft Azure Active Directory"},"auth_device":{"ip":"192.168.225.254","location":{"city":"Ann Arbor","country":"United States","state":"Michigan"},"name":"My iPhone X (734-555-2342)"},"event_type":"authentication","factor":"duo_push","reason":"user_approved","result":"success","timestamp":1532951962,"trusted_endpoint_status":"not trusted","txid":"340a23e3-23f3-23c1-87dc-1491a23dfdbb","user":{"key":"DU3KC77WJ06Y5HIV7XKQ","name":"narroway@example.com"}}
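Because no rules or reports ship for this device, the following added example (not FortiSIEM or Cisco Duo code) parses authentication events in the format of the sample above and flags the ones worth an analyst's review. The `SAMPLE` lines are constructed, and the function and flag names are illustrative assumptions; the JSON field names are those in the sample event.

```python
import json
import re

# Prefix as shown in the sample event: "[FSM-CiscoDuo-Auth] [1] " then a JSON body.
# The leading "[" is optional so a line that lost it in transit still parses.
LINE_RE = re.compile(r"^\[?FSM-CiscoDuo-Auth\]\s+\[\d+\]\s+(\{.*\})$")

def parse_auth_line(line):
    """Return the event dict, or None if the prefix or JSON body is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return json.loads(m.group(1))
    except json.JSONDecodeError:
        return None

def _country(event, device):
    return ((event.get(device) or {}).get("location") or {}).get("country")

def triage(event):
    """Flags worth an analyst's look; field names are those in the sample event."""
    flags = []
    if event.get("result") != "success":
        flags.append("result=%s/%s" % (event.get("result"), event.get("reason")))
    if event.get("trusted_endpoint_status") == "not trusted":
        flags.append("untrusted_endpoint")
    access, auth = _country(event, "access_device"), _country(event, "auth_device")
    if access and auth and access != auth:
        flags.append("country_mismatch:%s!=%s" % (access, auth))
    return flags

def scan(lines):
    """Return (user, flags) for every parseable event that raised a flag."""
    hits = []
    for event in filter(None, map(parse_auth_line, lines)):
        flags = triage(event)
        if flags:
            hits.append(((event.get("user") or {}).get("name"), flags))
    return hits

# Constructed sample lines (trimmed from the page's event; values are made up).
SAMPLE = [
    '[FSM-CiscoDuo-Auth] [1] {"access_device":{"location":{"country":"United States"}},"auth_device":{"location":{"country":"United States"}},"event_type":"authentication","reason":"user_approved","result":"success","trusted_endpoint_status":"trusted","user":{"name":"a@example.com"}}',
    '[FSM-CiscoDuo-Auth] [1] {"access_device":{"location":{"country":"Canada"}},"auth_device":{"location":{"country":"United States"}},"event_type":"authentication","reason":"user_marked_fraud","result":"fraud","trusted_endpoint_status":"not trusted","user":{"name":"b@example.com"}}',
    '[FSM-CiscoDuo-Auth] [1] {"event_type":"authentication","result":}',  # malformed JSON, skipped
]
```

`scan(SAMPLE)` returns only the second event; the first raises no flags and the third is dropped as unparseable.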