Duo is a user-centric access security platform that provides two-factor authentication.
Two-factor authentication adds a second layer of security to your online accounts. Verifying your identity using a second factor (like your phone or other mobile device) prevents anyone but you from logging in, even if they know your password.

Supported Data Types

  • Duo Authentication Logs - Returns a paged list of authentication log events ranging from the last 180 days up to as recently as two minutes before the API request.
    More info can be found here.

Hunters Ingestion

For Hunters to integrate with your Duo, the logs should be collected to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.
We then read the data from the shared bucket, parse it and use it to protect your users and your network in a more comprehensive way - both in detection and investigation phases in the Hunters’ pipeline.

Expected Format

In each log file, the events should be separated by a new-line, where each event has a JSON format.


{"access_device": {"browser": "Chrome", "browser_version": "94.0.4606.61", "epkey": "AAAAA", "flash_version": "uninstalled", "hostname": null, "ip": "", "is_encryption_enabled": "unknown", "is_firewall_enabled": "unknown", "is_password_set": "unknown", "java_version": "uninstalled", "location": {"city": "New York", "country": "USA", "state": "New York"}, "os": "Windows", "os_version": "10", "security_agents": "unknown"}, "alias": "", "application": {"key": "BBBBB", "name": "Auth0 Device Health Apps"}, "auth_device": {"ip": null, "location": {"city": "New York", "country": "USA", "state": "Ney York"}, "name": null}, "email": "john.doe@google.com", "event_type": "authentication", "factor": "remembered_device", "isotimestamp": "2021-09-30T18:03:11.290140+00:00", "ood_software": null, "reason": "remembered_device", "result": "success", "timestamp": 1633024991, "trusted_endpoint_status": "unknown", "txid": "111-222-333-aaa", "user": {"groups": ["group A", "Group B"], "key": "AA444", "name": "John.Doe"}, "eventtype": "authentication", "host": "api-111.duosecurity.com"}