Duo Security is a zero-trust security platform that provides identity-based security services, including two-factor authentication, endpoint security and single sign-on (SSO).
Blumira is a certified Duo Ready Partner under Duo’s Detection and Response category. Blumira integrates with Duo Security to stream authentication and endpoint logs and alerts to the Blumira service for threat detection and actionable response. Blumira applies threat intelligence and user entity behavior analytics to detect malicious and high-risk logins such as geo-impossible logins.
Learn more in our blog post, “Duo + Blumira: Better Identity, Access Monitoring & Threat Detection Together.”
Configure Duo Security to work with Blumira using the Duo Admin API event logs, following these steps:
Grant permissions commensurate with your needs; Blumira needs read access to the data within the Duo environment.
Once you have the Duo configuration parameters, enable your Blumira sensor to collect Duo logs by adding the Duo Module to an existing or new sensor in the sensor UI. Note that the typical “Logger” module must also be present on this sensor for logs to flow; if present, it is listed at the bottom of your sensor detail page [1].
To add the Duo Module:
Footnotes:
[1] To add the basic “Logger” module, if you haven’t already during your Blumira onboarding, simply click “Add Module” on a sensor without one, select the latest available version of the “Logger Module”, and click “Install” (leaving the two TLS fields blank, unless you intend to collect TLS syslog).