CLOUD CONNECTOR

Duo Security

Duo Security provides solutions for zero-trust security and secure access with device visibility and multi-factor authentication (MFA) support.

Securonix integrates with Duo Security APIs to gather account compromise, insider threat, credential fraud and suspicious account behavior events, as well as additional context enrichment for threat chains.

| API Module | Service/Module Covered | Event Types | Events Included | Related Threats |
| --- | --- | --- | --- | --- |
| Authentication Logs | Authentication, Enrollment | Duo admin logged in, 2-factor authentication success/failure from Duo factors such as U2F Token, Duo Push, SMS refresh, etc. | Represents authentication/2FA events from the supported Duo factors | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Active Directory Sync | AD sync started, completed, configuration downloaded, etc. | Represents events related to the Active Directory sync module in Duo | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Azure Integration | Azure directory created/modified/deleted, Azure directory sync started/completed, etc. | Represents events related to the Azure directory integration in Duo | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Admin Management | Admin added/deleted, admin updated, etc. | Represents events related to admin account management in the Duo app | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Bypass Code Management | Bypass code created/deleted, etc. | Represents events related to bypass code management and configuration in the Duo app | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Directory Management | Directory added/deleted/modified, directory group updated, etc. | Represents events related to Duo directory management | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Duo Edition & Features | Edition updated, feature added/deleted, etc. | Represents events related to Duo app edition and features management | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Group Management | Group added/deleted/updated | Represents events related to Duo group management | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Integrated Application | Integrated app added/removed/updated, etc. | Represents events related to Duo integrated applications | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | User Management | User added/removed, user imported, user marked for deletion, deleted user restored, etc. | Represents events related to user management in Duo apps | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Tokens & Enrollment | Enroll code sent, U2F token created/deleted, user bulk enrollment, bulk mobile activation sent, etc. | Represents events related to U2F tokens and enrollment of devices | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Administrator Logs | Phones | Phone added/deleted/modified, phone diss/associated, etc. | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |
| Telephony Logs | Telephony Verification Logs | SMS and phone verification events | Represents phone factor authentication | Account Compromise, Insider Threat, Credential Theft, Unusual Entity Behavior |