| Table of Contents |
|---|
Overview
This is a cloud based devices which is added to the UI using API call, and we fetch logs from DUO and for that we need Integration key and Secret Key in order to link Seceon to DUO application
Role required: Owner
Note that only administrators with the Owner role can create or modify an Admin API application in the Duo Admin Panel.
Steps To Fetch integration key and secret key
Sign up for a Duo account.
Log in to the Duo Admin Panel and navigate to Applications.
Click Protect an Application and locate the entry for Admin API in the applications list. Click Protect to the far-right to configure the application and get your integration key, secret key, and API hostname. You'll need this information to complete your setup. See Protecting Applications for more information about protecting applications in Duo and additional application options.
...
The Admin API performs the IP check occurs after verifying the authentication signature in a request. If you restrict the allowed networks for API access and see logged events for blocked Admin API requests from unrecognized IP addresses, this may indicate compromise of your Admin API application's secret key.
Configuration On Seceon GUI :
Go to Provisioning > Add-on Devices > Add-on Configuration
...
2. Click on Add
...
VERIFICATION OF CONFIGURATION
Verification can be done either from UI or from the CCE server.
Using UI
STEP1: Login to UI >> SYSTEM>> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.
...
STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.
...
Using CCE SERVER
Login into CCE Server with seceon user and execute the following command.
sudo tcpdump -i any host 514 and host <IP address> -AAA