Features
- User Directory Sync - Automatically sync users from Cisco Duo
- Authentication Logs - Ingest MFA authentication events for threat detection
- User Containment - Disable compromised users directly from Wirespeed
Setup Instructions
- Login to Cisco Duo Admin Panel
- Click on Applications on the left nav and select Application Catalog
- Search for Admin API and click +Add
- Name your application Wirespeed
- Enable the following permissions:
- Grant read log - Required for authentication log ingestion
- Grant read resource - Required for user directory sync
- Grant write resource - Required for user containment (disable/enable users)
- Copy the Integration Key, Secret Key, and API Hostname
- Click Save changes
- Login to Wirespeed
- Navigate to Integrations > Add Integration
- Select Cisco Duo and click Integrate
- Input the Integration Key, Secret Key, and API Hostname
Capabilities
| Capability | Description | Required Permission |
|---|
| User Sync | Sync users from Duo directory | Grant read resource |
| Authentication Logs | Ingest MFA authentication events | Grant read log |
| Contain User | Disable a user to prevent authentication | Grant write resource |
| Uncontain User | Re-enable a previously disabled user | Grant write resource |
There is a two minute delay in log publishing enforced by Duo
