Duo Security

Version: Duo Security Web UI and Duo Security mobile application.

Duo Security verifies the identity of users and protects against breaches due to phishing and other password attacks. It comes with an easy-to-use two-factor authentication solution that adds another layer of security to their logins.

Netsurion's Open XDR platform can be integrated with Duo Security using its API. It helps you to visualize the Duo login activities happening by client based on user geolocation, username and login attributes which helps you to find the compromised user login.

Netsurion's Open XDR platform also alerts you if any fraud user is trying to login. It also monitors the audit activities of Duo and helps you to visualize the user management, group management, access management activities, policy changes and other changes which are happening on Duo Security.

Netsurion's Open XDR platform can also generate schedule report for user management activities, changes happening in Duo Security (policy changes, user & group changes, enrollment of devices & application in Duo).

  • Security - Authentication failed, and login failed events.
  • Compliance - Policy management, user management, user enrollment, telephony events.
  • Operation - Admin self-activation, authentication successful events.

After the Duo Security is configured to deliver events to the Netsurion's Open XDR platform, the dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Duo Security - Authentication failed This alert is triggered when the user tries to login but fails due to anonymous IP, call timed out, denied by policy, user marked as fraud, invalid passcode, etc.
Security Duo Security - Login failed This alert is generated when there is issue completing the primary password or SAML authentication, issue completing secondary authentication.
Security Duo Security - Fraud user detected This alert is triggered when the user is marked as fraud and the same user tries to login to the Duo Security web UI portal.
Security Duo Security - User deleted This alert is triggered when the user is deleted from the Duo Security web console.

Reports

Type Name Description
Security Duo Security – Authentication failed This report provides information related to authentication failure for a user, reason for failure, 2factor authentication detail, device name, username, and IP address.
Security Duo Security – Login failed This report provides information when the user enters the primary password authentication or have issue completing the 2F authentication.
Operations Duo Security – Admin self-activation This report provides information related to the Duo Security admin account trying to activate by itself.
Operations Duo Security – Authentication success This report provides information related to authentication success allowed by policy, bypass user name, remembered device, trusted location, trusted network, approved by the user, etc.
Operations Duo Security – Login success This report provides information when the user enters the primary password authentication and completes 2F authentication.
Compliance Duo Security – Policy management This report provides information related to the policy created, policy updated, policy deleted, policy name, username, etc.
Compliance Duo Security – User management This report provides information related to user-created, user-updated, user-deleted, user-name and admin name.
Compliance Duo Security – Offline enrollment This report provides information related to device enrollments, user agent detail, 2Factor authentication, user name etc.
Compliance Duo Security – Authentication by mobile This report provides information related to a mobile device allowed access, mobile number, credits used for allowing access, etc.

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 9.2 or later, and Duo Security Web UI and Duo Security mobile application.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept