Duo Security Integration Guide

This guide helps device administrators configure their Duo Security devices to forward logs to the SIEM Collector.

Integration of Duo Security events

To configure the Duo Security application and generate reports, enable the Admin API.

The following steps enable the Admin API.

  1. Log on to the web interface of Duo Security.
  2. Click the Application tab, then click the Protect an Application option, as shown in the following image.
  3. Click the Protect this application option under the Admin API header.

    Note: If Admin API does not exist, contact Duo Security Support to have the Admin API enabled. Please find below the mail ID for contacting Duo Security Support.

  4. Once completed, you will receive the credentials required to integrate Duo Security with QRadar:
    a. Integration Key
    b. Secret Key
    c. API Hostname
  5. Click “select” to copy the key and save it for future use.
  6. Select the permission below from the “Permissions” section and click “Save Changes”.
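As an added example (not part of the original guide and not Duo's or the SIEM vendor's code), the following Python shows how the three credentials from step 4 are used to sign an Admin API request for authentication logs, which is a quick way to confirm the integration works before pointing a collector at it. It assumes Duo's published request-signing scheme (Date, method, host, path and sorted parameters signed with the secret key) and the `/admin/v1/logs/authentication` endpoint; the environment variable names are hypothetical.

```python
import base64
import email.utils
import hashlib
import hmac
import os
import urllib.parse
import urllib.request


def sign_request(method, host, path, params, ikey, skey, date=None):
    """Return (headers, query string) for one signed Admin API call."""
    date = date or email.utils.formatdate()
    # Parameters are sorted by key and URL-encoded so both ends sign the same bytes.
    query = "&".join(
        f"{urllib.parse.quote(k, '~')}={urllib.parse.quote(str(v), '~')}"
        for k, v in sorted(params.items())
    )
    canon = "\n".join([date, method.upper(), host.lower(), path, query])
    # Assumption: HMAC-SHA1 hex digest; confirm the digest against Duo's current API docs.
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}, query


def fetch_auth_logs(host, ikey, skey, mintime):
    """Pull authentication log entries newer than mintime (Unix seconds)."""
    path = "/admin/v1/logs/authentication"
    headers, query = sign_request("GET", host, path, {"mintime": mintime}, ikey, skey)
    req = urllib.request.Request(f"https://{host}{path}?{query}", headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names),
    # never from source control; the secret key is equivalent to a password.
    print(fetch_auth_logs(
        os.environ["DUO_API_HOST"],
        os.environ["DUO_IKEY"],
        os.environ["DUO_SKEY"],
        mintime=0,
    ))
```

A 401 response from this call usually points to a wrong key, a wrong hostname, or a local clock that has drifted from the signed Date header.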
