Serverless collection solution to collect Duo Security logs into Sumo Logic
Duo provides two-factor authentication, endpoint remediation, and secure single sign-on tools. The Sumo Logic App for Duo Security helps you monitor your Duo account’s authentication logs, administrator logs, and telephony logs. The dashboards provide insight into failed and successful authentications, events breakdown by applications, factors, and users, geo-location of events, admin activities, outliers, threat analysis of authentication, and administrator events.
The Sumo Logic App for Duo Security uses the following logs. See Duo's documentation for details of the log schema.
- Authentication Logs
- Administrator Logs
- Telephony Logs
- Create an HTTP Logs and Metrics Source.
- Download the Lambda function code, upload it to the AWS Lambda console, and create a Lambda function.
- Define Environment Variables for the Lambda Function.
- Add a time-based trigger for the Lambda function.
Detailed instructions here.
Log in to your Sumo Logic account and install the app from the App Catalog.