With the Duo integration for Perch, you can collect Duo events for review in the Perch data lake. The Perch SOC will analyze your Duo events during the course of normal alert triaging. You can also visualize your Duo logs with custom reports, create custom event notifications, and store your Duo logs for as long as you like. Perch will pull all Duo event types available through the Duo API, which includes:
Login to the Duo Admin Panel as an administrator with the ‘Owner’ role and navigate to Applications.
Click Protect an Application and locate Admin API in the applications list. Click Protect this Application.
If Admin API isn’t in the list or available when searched for, you will need to enable Admin API for your account by contacting Duo Support. Once the Admin API is enabled you may continue with Protect this Application
Under the ‘Settings’ section for this application locate the ‘Permissions’ section and check the boxes next to Grant read information, Grant read log, and Grant read resource. These are the only permissions needed for the Perch integration to function. Do not check the boxes next to any other permissions. Save these settings.
Note: You can optionally change the name of Admin API application on the settings page to something that helps you remember this is for Perch.
You can view your API hostname, integration key, and secret key at the top of the new Admin API application’s page. You will need this information to setup your Perch integration with Duo
Note: This information should be considered sensitive information. With these three pieces of information, people can access the sensitive information within your Duo logs. Treat this as you would a password and do not share it over insecure channels.
Now that you’ve enabled the Duo Admin API and gotten your API hostname, integration key, and secret key, you are ready to setup the Duo integration in Perch.
Login to Perch and navigate to Settings on the side-navigation. You will need to enable the Duo integration in Perch by clicking ‘Install’.
Once installed, click on the right facing chevron chevron_right to enter the Duo integration settings page.
On the Duo integration settings page, enter your API hostname, integration key, and secret key. Save and test the credentials. After a successful test you can enable Duo log collection and Save again.
That’s it! Now that your setup is complete Perch will begin collecting your Duo logs. This may take a few minutes to show up in the system, but you can check on integration health in the Integration Health section.
Once you start seeing your Duo logs in Perch you can do all the Perchy things you enjoy such as: