This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Overview

Cisco Duo is a multi-factor authentication (MFA) and secure access solution. It adds an additional layer of security by requiring users to verify their identity through a second factor, such as a mobile app, before gaining access to applications or systems. Duo is often used to enhance the security of remote access and helps protect against unauthorized access, even if passwords are compromised.

This integration ingests the following logs:

  • Authentication
  • Activity
  • Administrator
  • Telephony
  • Offline Enrollment

The Cisco Duo integration seamlessly collects multi-factor authentication (MFA) and secure access logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into fraud authentication events, authentication activity timeline, locations of accessed, authentication devices, and many more through the out-of-the-box dashboards.

Setup

Configuration

Get API Credentials of Cisco Duo

  1. Sign up for a Duo account.
  2. Log in to the Duo Admin Panel.
  3. Navigate to Applications.
  4. Click Protect an Application and locate the entry for Admin API in the applications list.
  5. Click Protect to configure the application and retrieve your integration key, secret key, and API hostname. This information will be used to configure the Cisco Duo integration.
  6. Ensure the Grant read log permission is selected and click Save Changes.

Cisco Duo DataDog Integration Configuration

Configure the Datadog endpoint to forward Cisco Duo logs to Datadog.

  1. Navigate to Cisco Duo.
  2. Add your Cisco Duo credentials.
Cisco Duo ParametersDescription
HostThe API Hostname from Cisco Duo. It is the XXXXXXXX part of https://api-XXXXXXXX.duosecurity.com.
Integration KeyThe Integration Key from Cisco Duo.
Secret KeyThe Secret Key from Cisco Duo.

Data Collected

Logs

The Cisco Duo integration collects and forwards Cisco Duo Authentication, Activity, Administrator, Telephony and Offline Enrollment logs to Datadog.

Metrics

The Cisco Duo integration does not include any metrics.

Events

The Cisco Duo integration does not include any events.

Support

For further assistance, contact Datadog Support.