The Duo Auth API is a low-level, RESTful API for adding strong two-factor authentication to your website or application.
- Admin Login credentials for the DUO Auth.
- Username, Secret key, API host.
Generate the API Credentials on the DUO Auth
First, you’ll need to add the Duo Admin API to your Duo instance.
- Log into the admin portal located at https://admin.duosecurity.com
- Click Applications -> Protect an Application
- Select the DUO Admin API
- Copy the keys – Once the “Duo Admin API” application is created, you’ll need to copy the hostname and key values to use in the Duo Log Sync configuration.
- Save the Integration Key (ikey), Secret key (skey) and API hostname (hostname) values here to populate the configuration script and processed further.
Configure a feed in Chronicle
- Open Settings in Chronicle and browser to Feeds
- In Feeds, click Add New
3. Select Third party API source type and then select DUO Auth as log source as shown in below image
4. Click Next after which you have to enter the required parameters as below
5. Click Next and Finalize