05-18-2021 08:45 AM
Hi team,
I am seeking to be advised on some of the key use case scenarios that we could monitor in our SOC. I have for instance considered user logins where Duo Push and access device are in separate locations. I would appreciate any further insights on some important use cases.
Regards
05-19-2021 06:50 AM
Hi @Colloh, what a great question you’ve asked here! This is exactly the kind of best practice conversation we love to see in the Community. Just to clarify, SOC in this context refers to your Security Operations Center - is that correct?
I’ll take this back to our team and see if others have any advice I can share with you, and I hope other members of the Community and Duo admins weigh in as well!
Kind of related - we have a free course on Duo Trust Monitor available on our learning management system, Duo Level Up. The content it covers seems super relevant to your question, so you might want to explore that and check it out.
05-19-2021 11:12 AM
Hi Amy
You are right, SOC refers to Security Operations Center.
Thanks for getting back to me, I will check the Duo Trust Monitor course.
05-20-2021 05:31 AM
Thanks for confirming that! One of our Customer Success Managers at Duo recommended that if you use a SIEM like Rapid7 or Splunk, you could forward the logging there and set up reporting to monitor authentication requests.
Most of the cases we recommend looking at will be covered in the Trust Monitor course. These include:
05-20-2021 06:46 AM
Hi Amy,
Thanks very much for your help.
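
The use case raised at the start of this thread (a Duo Push approved from a different location than the access device), written as detection logic over forwarded authentication logs. This is an added example, not code from Duo or from anyone in the thread; the field names are assumed to follow Duo Admin API v2 authentication log records, and the sample events are constructed.

```python
import json

# Constructed sample events, one JSON object per line. Field names are an
# assumption modelled on Duo Admin API v2 authentication log records.
SAMPLE_LOGS = """
{"txid":"t1","user":{"name":"alice"},"factor":"duo_push","result":"success","access_device":{"location":{"country":"Kenya"}},"auth_device":{"location":{"country":"Kenya"}}}
{"txid":"t2","user":{"name":"bob"},"factor":"duo_push","result":"success","access_device":{"location":{"country":"Kenya"}},"auth_device":{"location":{"country":"Germany"}}}
{"txid":"t3","user":{"name":"carol"},"factor":"duo_push","result":"success","access_device":{"location":{"country":null}},"auth_device":{"location":{"country":"Kenya"}}}
{"txid":"t4","user":{"name":"dave"},"factor":"passcode","result":"success","access_device":{"location":{"country":"Kenya"}},"auth_device":{"location":{"country":"France"}}}
{"txid":"t5","user":{"name":"bob"},"factor":"duo_push","result":"denied","access_device":{"location":{"country":"Kenya"}},"auth_device":{}}
{"txid":"t6","user":{"name":"erin"},"factor":"duo_push","result":"denied","access_device":{"location":{"country":"kenya "}},"auth_device":{"location":{"country":"Brazil"}}}
"""

def country(device):
    """Return a normalised country name, or None when the log carries no usable value."""
    loc = (device or {}).get("location") or {}
    value = loc.get("country")
    return value.strip().lower() if isinstance(value, str) and value.strip() else None

def find_push_location_mismatches(raw):
    """Split Duo Push events into country mismatches and events that cannot be compared."""
    findings, uncomparable = [], []
    for line in raw.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("factor") != "duo_push":
            continue  # only push approvals involve a second, separately located device
        access = country(event.get("access_device"))
        auth = country(event.get("auth_device"))
        if access is None or auth is None:
            # Missing geolocation is tracked separately so it is not silently ignored.
            uncomparable.append(event.get("txid"))
            continue
        if access != auth:
            findings.append({
                "txid": event.get("txid"),
                "user": (event.get("user") or {}).get("name"),
                "result": event.get("result"),
                "access_country": access,
                "auth_country": auth,
            })
    return findings, uncomparable

if __name__ == "__main__":
    hits, skipped = find_push_location_mismatches(SAMPLE_LOGS)
    for hit in hits:
        print(hit)
    print("no location to compare:", skipped)
```

Country-level comparison is coarse: VPN egress and mobile carrier routing will produce mismatches, so treat hits as triage input and review approved (`success`) mismatches first.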