/duo_log_alert

A simple PoC that uses the Cisco DUO Admin API to send a webhook to Slack for denied authentications.

Primary language: JavaScript. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

DUO Log Alert


Usage

You need the DUO Admin API credentials:

  • ikey
  • skey
  • DUO API host

To send a webhook, use the option --hook with the webhook path you obtained from Slack. The webhook URL will look like this: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX. Strip https://hooks.slack.com/services/ from it and pass the remainder as the option value.

  • hook T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX

//node main.js --ikey <duo ikey> --skey <duo skey> --host <duo api endpoint> --hook <slack hook Path>
node main.js --ikey <duo ikey> --skey <duo-skey> --host api-xxxxxxxx.duosecurity.com --hook T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
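
The hook-path handling and denied-authentication filtering described above, as an added example that is not code from this repository. The function names, the record field names (assumed to follow Duo's v2 authentication log records) and the sample records are assumptions made for illustration.

```javascript
// Added example; not code from the duo_log_alert repository.
const SLACK_PREFIX = 'https://hooks.slack.com/services/';

// Accept the full webhook URL or the bare path; return the path --hook expects.
// The T.../B.../token shape is assumed from the example URL in this README.
function normalizeHookPath(input) {
  const value = String(input).trim();
  const path = value.startsWith(SLACK_PREFIX) ? value.slice(SLACK_PREFIX.length) : value;
  if (!/^T[A-Z0-9]+\/B[A-Z0-9]+\/[A-Za-z0-9]+$/.test(path)) {
    throw new Error('unexpected Slack webhook path format');
  }
  return path;
}

// The path is a bearer secret; log only this redacted form.
function redactHookPath(path) {
  const [team, hook] = normalizeHookPath(path).split('/');
  return `${team}/${hook}/<redacted>`;
}

// Escape Slack's control characters so log fields cannot inject mentions or links.
function escapeSlack(value) {
  return String(value ?? 'unknown')
    .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Keep only denied authentications and build one Slack payload per event.
// Field names are assumed to follow Duo's v2 authentication log records.
function deniedAlerts(authlogs) {
  return authlogs
    .filter((e) => e && e.result === 'denied')
    .map((e) => ({
      text: `Duo denied authentication: user=${escapeSlack(e.user?.name)} ` +
        `reason=${escapeSlack(e.reason)} ip=${escapeSlack(e.access_device?.ip)}`,
    }));
}

// Constructed sample records, not real log data.
const sampleLogs = [
  { result: 'success', reason: 'user_approved', user: { name: 'alice' } },
  { result: 'denied', reason: 'user_mistake', user: { name: '<!channel> bob' },
    access_device: { ip: '203.0.113.7' } },
];

console.log(redactHookPath(SLACK_PREFIX + 'T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX'));
console.log(deniedAlerts(sampleLogs));
```

The user name in a denied event can be supplied by whoever attempted the login, which is why every field is escaped before it reaches the Slack message.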

ToDo

Rework to use environment variables, and test serverless.