Duo Admin API
Duo Admin API access guide https://duo.com/docs/adminapi#api-details
Duo Admin Panel
https://admin.duosecurity.com/
To obtain an 'Integration Key' and 'Secret Key':
- Log on to the Duo Admin Panel as an 'Owner'
- Navigate to "Applications"
- Click "Protect Application"
- 'Protect' the 'Admin API'
- Give it a friendly name
- Grant the 'Grant read log' permission only
- The "Integration Key", "Secret Key" and "API hostname" should be visible on the application page.
- Click 'Save changes'
If you want to ingest data from an endpoint using Universal Rest API Protocol, configure a log source on the QRadar® Console using the Workflow field so that the defined endpoint can communicate with QRadar by using the Universal Rest API protocol.
- Log in to QRadar.
- Click the Admin tab.
- To open the app, click the QRadar Log Source Management app icon.
- Click New Log Source > Single Log Source.
- On the Select a Log Source Type page, Select a Log Source Type (Universal DSM) and click Select Protocol Type (Universal Rest API).
- On the Select a Protocol Type page, select a protocol and click Configure Log Source Parameters.
- On the Configure the Log Source parameters page, configure the log source parameters and click Configure Protocol Parameters.
- On the Configure the Protocol Parameters page, configure the protocol-specific parameters (Workflow and Workflow Parameter Values).
- In the Test protocol parameters window, click Start Test.
- To fix any errors, click Configure Protocol Parameters. Configure the parameters and click Test Protocol Parameters.
- Click Finish