Cisco Duo Monitoring

Updated Jan 17, 2024

Configure Cisco Duo for Arctic Wolf monitoring

You can configure Cisco Duo® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Verify Admin API access permissions.
  2. Configure the Admin API permissions and obtain credentials.
  3. Provide your Cisco Duo credentials to Arctic Wolf.

Step 1: Verify Admin API access permissions

  1. Sign in to the Cisco Duo console.

  2. In the navigation menu, click Applications.

  3. Click Protect an Application, and then find an Admin API application in the list.

    Note: You are unable to continue until you have Admin API access.

Step 2: Configure the Admin API to protect your Duo environment

  1. In the Applications list, find Admin API, and then click Protect.

    The Admin API page opens.

  2. In the Name field, enter a name for the protected application.

  3. In the Username normalization section, select Simple.

  4. In the Permissions section, select these checkboxes:

    • Grant read information
    • Grant read log
    • Grant read resource

  5. In the Details section, copy the Integration Key, Secret Key, and API Hostname values to a safe, encrypted location. You will provide them to Arctic Wolf later.

  6. Click Save Changes.
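
Before you provide the credentials in Step 3, you can confirm that they authenticate and carry the three permissions selected above. The following Python script is an added example, not part of the Arctic Wolf or Cisco documentation; it assumes the Duo Admin API's HMAC-SHA1 request signing, and the three read-only endpoints in PROBES are chosen here as one probe per permission.

```python
import base64, email.utils, hashlib, hmac
import urllib.error, urllib.parse, urllib.request

# Assumption: one read-only Admin API endpoint per permission from Step 2.
PROBES = {
    "Grant read information": ("/admin/v1/info/summary", {}),
    "Grant read log": ("/admin/v1/logs/administrator", {}),
    "Grant read resource": ("/admin/v1/users", {"limit": "1"}),
}

def sign(method, host, path, params, ikey, skey, date=None):
    """Return the Date and Authorization headers for one signed request."""
    date = date or email.utils.formatdate()
    # Parameters are URL-encoded and sorted by key before signing.
    query = "&".join(
        f"{urllib.parse.quote(k, '~')}={urllib.parse.quote(params[k], '~')}"
        for k in sorted(params))
    canon = "\n".join([date, method.upper(), host.lower(), path, query])
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}

def check(host, ikey, skey, timeout=10):
    """Map each permission to the HTTP status of its probe (200 = usable)."""
    results = {}
    for perm, (path, params) in PROBES.items():
        url = f"https://{host}{path}"
        if params:
            url += "?" + urllib.parse.urlencode(params)
        headers = sign("GET", host, path, params, ikey, skey)
        req = urllib.request.Request(url, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[perm] = resp.status
        except urllib.error.HTTPError as err:
            results[perm] = err.code  # any non-200 status: probe was rejected
    return results

if __name__ == "__main__":
    import getpass
    host = input("API Hostname: ").strip()
    ikey = input("Integration Key: ").strip()
    skey = getpass.getpass("Secret Key: ")  # prompted so the key is not echoed
    for perm, status in check(host, ikey, skey).items():
        print(f"{perm}: HTTP {status}")
```

The script only issues GET requests and keeps the Secret Key in memory for the duration of the run.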

Step 3: Provide your Cisco Duo credentials to Arctic Wolf

Note: If API credentials fail, for example due to expired credentials, Arctic Wolf notifies you and requests a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage. For more information, see MDR polling frequency.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. In the Cloud Services list, select Duo.

  6. On the Add Account page, configure these settings:

  7. Click Test and submit credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.