cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4180
Views
0
Helpful
15
Replies

Duo Log Grabber - We NEED You!

duo-danj
Level 1
Level 1

Hey Duo Community!
I’m Dan, a Product Manager here at Duo Security. We’re currently working on making an official Duo Log Grabber.

Over the coming weeks, we would like to work with a few customers (between 3-5) on making sure the Duo Log Grabber does everything to alleviate your pain points in regard to getting logs from Duo to your SIEM.

We’re preferably looking for customers who use QRadar and LogRhythm, and who ideally would like to use JSON over CEF. However, this is not a prerequisite.

If you’re interested in helping us out and would like to test, trial, and provide feedback regarding the new Duo Log Grabber, please comment below!

Kind regards,

Dan
Product Manager for Data

15 Replies 15

P_tyler2
Level 1
Level 1

Greetings,

I am a customer who uses QRadar and I would be very interested in participating in testing out the log grabber. I can be formally reached at ptyler@odu.edu.

thanks,

Phillip Tyler
IT Security Operations Analyst
Information Technology Services
Old Dominion University
Norfolk, VA 23529
Ph: (757) 683-5068

Hi Philip,
Just sent you an email!

Cheers,

Dan

Pranav_Jariwala
Level 1
Level 1

Please help us with elastic search stack.

MrG2
Level 1
Level 1

We can probably help test it.

alanhong1
Level 1
Level 1

Hello,

I am customer who uses QRadar and I’m very interested in reviewing this log grabber. I can be reached at alan.hong@usc.edu.

Thank you,
Alan Hong
Information Security Lead
Office of the Chief Information Security Officer (CISO)
University of Southern California
3434 S. Grand Avenue
Los Angeles, California 90089-2812

I am a customer who uses Logrhythm and I would be very interested in participating in testing out the log grabber. dm me if this is still open!

seppovic
Level 1
Level 1

Hey Dan,
we would be happy to join the test Programm for QRadar, we have a quite large setup and would be happy to burry our self made skripts.

Please send me an E-Mail or Personal Message here and i share my Duo Resources with you

Thanks in Advance,
Markus

I’m a Logrhythm user and would willing to try it, assuming you still need testers.

Ken

John Rogers
Level 1
Level 1

If you are still needing people to work with. OSU uses qradar and would be willing to trial a log grabber. We where just looking at rolling out an opensource one, but would rather get your vendor produced mechanism working.

Thanks,
John Rogers
Lead IT Security Engineer
Oklahoma State University
John.Rogers@okstate.edu

smsmith2020
Level 1
Level 1

Dan,

We use LogRhythm and would be happy to help test.

Scott

ravilk87
Level 1
Level 1

Hi Dan,

I am very happy to help you. We previously worked with a python script and run the cronjob to grab the logs from duo api and forwarded syslogs to Qradar. All of the sudden we are not getting logs from duo from the month feb. We already Qradar DSM for Duo logs to understand and process the logs. We already raised a ticket with your support team to work on this. Please reach out me to my mail lravi@solenis.com

duo-danj
Level 1
Level 1

Hello everyone!

The new Duo Log Sync is now available for your testing!

Please remember this is a beta version.

Any and all feedback is welcome (whether that is a: “IT WORKS” or a “THIS DOES NOT WORK”) it really does help us.

Any questions or queries please just comment!

Kind regards,

Dan

Hey Dan,
Just to be clear as to which piece of the puzzle this is doing, this is just pulling Duo logs to a local server, to then be picked up by whatever SEIM I’m using?
Ken

Hi Kstieers,
You can host the DLS on either a server or your local machine and then point it to your SIEM and off you go!

Quick Links