This repository has been archived by the owner on Dec 26, 2023. It is now read-only.

SumoLogic/sumologic-duo-security


sumologic-duo-security

Serverless collection solution for pulling Duo Security logs into Sumo Logic

Deprecation Notice

This legacy solution to pull logs from Duo to Sumo Logic has been replaced with a dedicated Cloud-to-Cloud Integration Framework source. We recommend customers use the Duo Cloud-to-Cloud source instead of this legacy Python collection method.

Sumo Logic App for Duo Security

Duo provides two-factor authentication, endpoint remediation, and secure single sign-on tools. The Sumo Logic App for Duo Security helps you monitor your Duo account's authentication logs, administrator logs, and telephony logs. The dashboards provide insight into failed and successful authentications, a breakdown of events by application, factor, and user, geo-location of events, admin activities, outliers, and threat analysis of authentication and administrator events.

Log Types

Sumo Logic App for Duo Security uses the following logs. See Duo's documentation for details of the log schema.

  • Authentication Logs
  • Administrator Logs
  • Telephony Logs

Collect Logs for Duo Security Via AWS Lambda

  1. Create an HTTP Logs and Metrics Source in Sumo Logic and note its URL.
  2. Download the Lambda function code and its dependencies, then archive the resulting directory. The find command prunes the .git directory so that repository history is not shipped inside the deployment package:
git clone https://github.com/SumoLogic/sumologic-duo-security.git
pip3 install --target ./sumologic-duo-security requests
pip3 install --target ./sumologic-duo-security duo_client
cd sumologic-duo-security && find . -path ./.git -prune -o -print | zip ./archive.zip -@
  3. Upload the resulting archive.zip in the AWS Lambda console and create a Lambda function from it.
  4. Define the environment variables the function reads: the Duo Admin API integration key, secret key and API hostname, and the Sumo Logic HTTP Source URL. Treat the Duo secret key and the HTTP Source URL as secrets; anyone holding the URL can write into your Sumo Logic account.
  5. Add a time-based (scheduled) trigger for the Lambda function.

Collect Logs for Duo Security Via CronJob task deployed at Kubernetes Cluster

  1. Create the secret duocreds with the following kubectl command, replacing S_KEY, I_KEY and HOST with the Duo Admin API credentials (secret key, integration key and API hostname) and COLL_ENDPOINT with the Sumo Logic HTTP Source URL. Values passed with --from-literal are recorded in your shell history; on a shared host prefer --from-file with files that hold the values, and delete the files afterwards.
kubectl create secret generic duocreds --from-literal=S_KEY=<REPLACE> --from-literal=I_KEY=<REPLACE> --from-literal=HOST=<REPLACE> --from-literal=COLL_ENDPOINT=<REPLACE> --from-literal=SCAN_INTERVAL_IN_SEC=300
  2. Run the following command. It creates a CronJob that runs every 5 minutes to fetch Duo logs and send them to the Sumo Logic HTTP Source URL. The manifest is applied straight from a remote URL, so download and review it before applying it to a production cluster, and make sure the secret was created in the same namespace the manifest deploys into.

kubectl apply -f https://sumologic-app-data.s3.amazonaws.com/Duo/hw_dep.yaml

  3. Verify that the job's pods are being scheduled:
   kubectl get pods  | grep duo
   kubectl get jobs

Detailed instructions here.
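Both procedures above run the same loop on a schedule: read the Duo Admin API credentials and the HTTP Source URL from the environment, pull each log type since the last run, and POST the new events to Sumo Logic. The script below is an added example of that loop, written for this page; it is not the repository's own Lambda or CronJob code. It assumes the duo_client Admin methods get_authentication_log, get_administrator_log and get_telephony_log accept a mintime keyword and return lists of events carrying a Unix "timestamp" field, that the HTTP Source accepts the X-Sumo-Category header, and that the environment variable names match the duocreds secret above. The sample events are constructed, not real Duo records, and the demo runs offline with the standard library only.

```python
"""Added example: poll Duo Admin API logs since a checkpoint and forward them to a
Sumo Logic HTTP Source. Not the repository's collector. duo_client is imported
lazily inside main(), so the offline demo needs only the standard library."""
import json
import os
import time
import urllib.request


def new_events(events, last_ts):
    """Keep events strictly newer than the checkpoint, oldest first, and return the
    new checkpoint. Polling with mintime=checkpoint may hand back the boundary
    event again, so filtering on '> last_ts' prevents duplicate ingestion when the
    job runs every SCAN_INTERVAL_IN_SEC seconds."""
    fresh = sorted((e for e in events if int(e["timestamp"]) > last_ts),
                   key=lambda e: int(e["timestamp"]))
    next_ts = int(fresh[-1]["timestamp"]) if fresh else last_ts
    return fresh, next_ts


def to_sumo_payload(events, log_type):
    """Newline-delimited JSON, one event per line, each tagged with its Duo log type
    so the three log types can be told apart after ingestion."""
    return "\n".join(json.dumps({"log_type": log_type, **e}, sort_keys=True)
                     for e in events)


def post_to_sumo(endpoint, payload, source_category, opener=urllib.request.urlopen):
    """POST one batch to the HTTP Source URL (COLL_ENDPOINT). The URL embeds the
    source token, so it is treated as a secret and never logged."""
    req = urllib.request.Request(
        endpoint, data=payload.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json",
                 "X-Sumo-Category": source_category})  # header assumed, see lead-in
    with opener(req, timeout=30) as resp:
        return resp.status


def collect(fetchers, checkpoints, endpoint, post=post_to_sumo, source_category="duo"):
    """One polling pass over every log type. A checkpoint only advances after the
    batch was accepted (HTTP 200), so a failed send is retried on the next run
    instead of being silently dropped."""
    updated = dict(checkpoints)
    shipped = {}
    for log_type, fetch in fetchers.items():
        events, next_ts = new_events(fetch(checkpoints[log_type]), checkpoints[log_type])
        if events:
            status = post(endpoint, to_sumo_payload(events, log_type), source_category)
            if status != 200:
                raise RuntimeError(f"Sumo Logic rejected {log_type} batch: HTTP {status}")
        updated[log_type] = next_ts
        shipped[log_type] = len(events)
    return updated, shipped


# Constructed sample events in the shape of Duo's v1 log responses; not real records.
SAMPLE_AUTH = [
    {"timestamp": 1700000000, "username": "alice", "result": "SUCCESS", "factor": "Duo Push"},
    {"timestamp": 1700000300, "username": "bob", "result": "FAILURE", "factor": "Phone Call"},
    {"timestamp": 1700000100, "username": "carol", "result": "SUCCESS", "factor": "Passcode"},
]
SAMPLE_ADMIN = [
    {"timestamp": 1700000200, "username": "admin@example.com", "action": "user_delete"},
]


def demo():
    """Run one pass offline with fake fetchers and a poster that records batches."""
    posted = []

    def fake_post(endpoint, payload, source_category):
        posted.append((source_category, payload))
        return 200

    fetchers = {"authentication": lambda since: SAMPLE_AUTH,
                "administrator": lambda since: SAMPLE_ADMIN,
                "telephony": lambda since: []}
    # The auth checkpoint already covers alice's event, so only two auth events ship.
    checkpoints = {"authentication": 1700000000, "administrator": 0, "telephony": 0}
    updated, shipped = collect(fetchers, checkpoints,
                               "https://example.invalid/receiver", post=fake_post)
    return updated, shipped, posted


def main():
    """Live run: credentials come from the same variables as the duocreds secret."""
    import duo_client  # installed by the pip3 step above; duo_client.Admin API assumed
    admin = duo_client.Admin(ikey=os.environ["I_KEY"], skey=os.environ["S_KEY"],
                             host=os.environ["HOST"])
    fetchers = {
        "authentication": lambda since: admin.get_authentication_log(mintime=since),
        "administrator": lambda since: admin.get_administrator_log(mintime=since),
        "telephony": lambda since: admin.get_telephony_log(mintime=since),
    }
    start = int(time.time()) - int(os.environ.get("SCAN_INTERVAL_IN_SEC", "300"))
    checkpoints = {t: start for t in fetchers}
    print(collect(fetchers, checkpoints, os.environ["COLL_ENDPOINT"]))


if __name__ == "__main__":
    main() if "COLL_ENDPOINT" in os.environ else print(demo())
```

In a real deployment the checkpoints returned by collect() must be persisted between runs (for Lambda, in a parameter store or small table; for the CronJob, in a ConfigMap or volume); the main() above restarts from now minus SCAN_INTERVAL_IN_SEC on each invocation, which is the behaviour a fixed-interval poll gives you and which loses events if a run is skipped.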

Install the Duo Security App and View the Dashboards

Log in to your Sumo Logic account and install the App from the App Catalog.
