Re: Duo Log Grabber - We NEED You!

duo-danj · ‎02-21-2020

Hey Duo Community!
I’m Dan, a Product Manager here at Duo Security. We’re currently working on making an official Duo Log Grabber.

Over the coming weeks, we would like to work with a few customers (between 3-5) on making sure the Duo Log Grabber does everything to alleviate your pain points in regard to getting logs from Duo to your SIEM.

We’re preferably looking for customers who use QRadar and LogRhythm, and who ideally would like to use JSON over CEF. However, this is not a prerequisite.

If you’re interested in helping us out and would like to test, trial, and provide feedback regarding the new Duo Log Grabber, please comment below!

Kind regards,

Dan
Product Manager for Data

P_tyler2 · ‎02-25-2020

Greetings,

I am a customer who uses QRadar and I would be very interested in participating in testing out the log grabber. I can be formally reached at ptyler@odu.edu.

thanks,

Phillip Tyler
IT Security Operations Analyst
Information Technology Services
Old Dominion University
Norfolk, VA 23529
Ph: (757) 683-5068

duo-danj · ‎02-27-2020

Hi Philip,
Just sent you an email!

Cheers,

Dan

Pranav_Jariwala · ‎02-27-2020

Please help us with elastic search stack.

MrG2 · ‎03-03-2020

We can probably help test it.

alanhong1 · ‎03-24-2020

Hello,

I am customer who uses QRadar and I’m very interested in reviewing this log grabber. I can be reached at alan.hong@usc.edu.

Thank you,
Alan Hong
Information Security Lead
Office of the Chief Information Security Officer (CISO)
University of Southern California
3434 S. Grand Avenue
Los Angeles, California 90089-2812

Christopher Wright · ‎03-27-2020

I am a customer who uses Logrhythm and I would be very interested in participating in testing out the log grabber. dm me if this is still open!

seppovic · ‎04-06-2020

Hey Dan,
we would be happy to join the test Programm for QRadar, we have a quite large setup and would be happy to burry our self made skripts.

Please send me an E-Mail or Personal Message here and i share my Duo Resources with you

Thanks in Advance,
Markus

Ken Stieers · ‎04-09-2020

I’m a Logrhythm user and would willing to try it, assuming you still need testers.

Ken

John Rogers · ‎04-15-2020

If you are still needing people to work with. OSU uses qradar and would be willing to trial a log grabber. We where just looking at rolling out an opensource one, but would rather get your vendor produced mechanism working.

Thanks,
John Rogers
Lead IT Security Engineer
Oklahoma State University
John.Rogers@okstate.edu

smsmith2020 · ‎05-05-2020

Dan,

We use LogRhythm and would be happy to help test.

Scott

ravilk87 · ‎05-07-2020

Hi Dan,

I am very happy to help you. We previously worked with a python script and run the cronjob to grab the logs from duo api and forwarded syslogs to Qradar. All of the sudden we are not getting logs from duo from the month feb. We already Qradar DSM for Duo logs to understand and process the logs. We already raised a ticket with your support team to work on this. Please reach out me to my mail lravi@solenis.com

duo-danj · ‎05-13-2020

Hello everyone!

The new Duo Log Sync is now available for your testing!

Please remember this is a beta version.

Any and all feedback is welcome (whether that is a: “IT WORKS” or a “THIS DOES NOT WORK”) it really does help us.

Any questions or queries please just comment!

Kind regards,

Dan

Ken Stieers · ‎05-13-2020

Hey Dan,
Just to be clear as to which piece of the puzzle this is doing, this is just pulling Duo logs to a local server, to then be picked up by whatever SEIM I’m using?
Ken

duo-danj · ‎06-01-2020

Hi Kstieers,
You can host the DLS on either a server or your local machine and then point it to your SIEM and off you go!