Duo Event Collector
#
This Integration is part of the DUO Admin Pack.Supported versions
Supported Cortex XSOAR versions: 6.8.0 and later.
Collects Auth and Audit events for Duo using the API.
#
Configure Duo Event Collector on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for Duo Event Collector.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Server Host The URL for the API. True First fetch timestamps The first time fetch date range, for example: 2 days, 1 month, 3 years. True Integration key The integration key for the admin API from Duo. True Secret key The secret key for the admin API from Duo. True XSIAM request limit The maximum number of events to collect from the API in each cycle. True Request retries The number of times to retry a failed too many requests 429 HTTP error. False Use system proxy settings Enable proxy support for running the collector. False auth_api_version The version of th Authentication API. Possible values are 1, 2. False logs_type_array The type of APIs that this instance will use in the collector. False Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
duo-get-eventsManual command to fetch events and display them.
#
Base Commandduo-get-events
#
InputArgument Name | Description | Required |
---|---|---|
should_push_events | Set this argument to True in order to create events, otherwise the command will only display them. Possible values are: True, False. Default is False. | Required |
#
Context OutputThere is no context output for this command.