Duo Security
Version: Duo Security Web UI and Duo Security mobile application.
Duo Security verifies the identity of users and protects against breaches due to phishing and other password attacks. It provides an easy-to-use two-factor authentication solution that adds another layer of security to user logins.
Netsurion Open XDR can be integrated with Duo Security using its API. The integration helps you visualize Duo login activity by client, based on user geolocation, username, and login attributes, which helps you find compromised user logins.
Netsurion Open XDR also alerts you if a user marked as fraud tries to log in. It also monitors Duo audit activities and helps you visualize user management, group management, access management activities, policy changes, and other changes happening in Duo Security.
Netsurion Open XDR can also generate scheduled reports for user management activities and changes happening in Duo Security (policy changes, user and group changes, enrollment of devices and applications in Duo).
- Security – Authentication failed and login failed events.
- Compliance – Policy management, user management, user enrollment, telephony events.
- Operation – Admin self-activation, authentication successful events.
After Duo Security is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Duo Security – Authentication failed | This alert is triggered when the user tries to log in but fails due to anonymous IP, call timed out, denied by policy, user marked as fraud, invalid passcode, etc. |
Security | Duo Security – Login failed | This alert is generated when there is an issue completing the primary password or SAML authentication, or an issue completing secondary authentication. |
Security | Duo Security – Fraud user detected | This alert is triggered when the user is marked as fraud and the same user tries to log in to the Duo Security web UI portal. |
Security | Duo Security – User deleted | This alert is triggered when the user is deleted from the Duo Security web console. |
Reports
Type | Name | Description |
---|---|---|
Security | Duo Security – Authentication failed | This report provides information related to authentication failure for a user, reason for failure, two-factor authentication detail, device name, username, and IP address. |
Security | Duo Security – Login failed | This report provides information when the user enters the primary password authentication or has an issue completing the two-factor authentication. |
Operations | Duo Security – Admin self-activation | This report provides information related to the Duo Security admin account trying to activate itself. |
Operations | Duo Security – Authentication success | This report provides information related to authentication success allowed by policy, bypass user name, remembered device, trusted location, trusted network, approved by the user, etc. |
Operations | Duo Security – Login success | This report provides information when the user enters the primary password authentication and completes two-factor authentication. |
Compliance | Duo Security – Policy management | This report provides information related to the policy created, policy updated, policy deleted, policy name, username, etc. |
Compliance | Duo Security – User management | This report provides information related to user created, user updated, user deleted, username, and admin name. |
Compliance | Duo Security – Offline enrollment | This report provides information related to device enrollments, user agent detail, two-factor authentication, username, etc. |
Compliance | Duo Security – Authentication by mobile | This report provides information related to a mobile device allowed access, mobile number, credits used for allowing access, etc. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.2 or later, and Duo Security Web UI and Duo Security mobile application.
Download the Integration Guide and How-to Guide for configuration instructions and more information.