02-21-2020 07:05 AM
Hey Duo Community!
I’m Dan, a Product Manager here at Duo Security. We’re currently working on making an official Duo Log Grabber.
Over the coming weeks, we would like to work with a few customers (between 3-5) on making sure the Duo Log Grabber does everything to alleviate your pain points in regard to getting logs from Duo to your SIEM.
We’re preferably looking for customers who use QRadar and LogRhythm, and who ideally would like to use JSON over CEF. However, this is not a prerequisite.
If you’re interested in helping us out and would like to test, trial, and provide feedback regarding the new Duo Log Grabber, please comment below!
Kind regards,
Dan
Product Manager for Data
02-25-2020 06:31 AM
Greetings,
I am a customer who uses QRadar and I would be very interested in participating in testing out the log grabber. I can be formally reached at ptyler@odu.edu.
thanks,
Phillip Tyler
IT Security Operations Analyst
Information Technology Services
Old Dominion University
Norfolk, VA 23529
Ph: (757) 683-5068
02-27-2020 06:41 AM
Hi Phillip,
Just sent you an email!
Cheers,
Dan
02-27-2020 12:00 AM
Please help us with the Elasticsearch stack.
03-03-2020 01:05 PM
We can probably help test it.
03-24-2020 03:08 PM
Hello,
I am a customer who uses QRadar and I’m very interested in reviewing this log grabber. I can be reached at alan.hong@usc.edu.
Thank you,
Alan Hong
Information Security Lead
Office of the Chief Information Security Officer (CISO)
University of Southern California
3434 S. Grand Avenue
Los Angeles, California 90089-2812
03-27-2020 11:21 AM
I am a customer who uses LogRhythm and I would be very interested in participating in testing out the log grabber. DM me if this is still open!
04-06-2020 07:25 AM
Hey Dan,
We would be happy to join the test program for QRadar; we have quite a large setup and would be happy to bury our self-made scripts.
Please send me an e-mail or personal message here and I will share my Duo resources with you.
Thanks in advance,
Markus
04-09-2020 01:58 PM
I’m a LogRhythm user and would be willing to try it, assuming you still need testers.
Ken
04-15-2020 12:45 PM
If you still need people to work with, OSU uses QRadar and would be willing to trial a log grabber. We were just looking at rolling out an open-source one, but would rather get your vendor-produced mechanism working.
Thanks,
John Rogers
Lead IT Security Engineer
Oklahoma State University
John.Rogers@okstate.edu
05-05-2020 09:27 AM
Dan,
We use LogRhythm and would be happy to help test.
Scott
05-07-2020 05:51 AM
Hi Dan,
I am very happy to help you. We previously worked with a Python script and ran a cron job to grab the logs from the Duo API and forwarded syslogs to QRadar. All of a sudden we are not getting logs from Duo from the month of February. We already have a QRadar DSM for Duo logs to understand and process the logs. We already raised a ticket with your support team to work on this. Please reach out to me at my mail lravi@solenis.com
05-13-2020 05:16 AM
Hello everyone!
The new Duo Log Sync is now available for your testing!
Please remember this is a beta version.
Any and all feedback is welcome (whether that is an “IT WORKS” or a “THIS DOES NOT WORK”); it really does help us.
Any questions or queries, please just comment!
Kind regards,
Dan
05-13-2020 12:24 PM
Hey Dan,
Just to be clear as to which piece of the puzzle this is doing, this is just pulling Duo logs to a local server, to then be picked up by whatever SIEM I’m using?
Ken
06-01-2020 12:43 PM
Hi Kstieers,
You can host the DLS on either a server or your local machine and then point it to your SIEM and off you go!