Overview
Blumira integrates with Duo Security to stream authentication and endpoint logs and alerts to Blumira for threat detection and actionable response. We then apply threat intelligence and user entity behavior analytics to detect malicious and high-risk logins, such as geo-impossible logins.
Important: Dedicate a specific Admin API application in Duo to your Blumira integration. Do not reuse the same Duo Admin API credentials for multiple applications. Rate limits for Duo's API will cause logging delays or disruption if too many requests are processed with the same credentials.
Before you begin
Required: You must be a Duo Security Administrator with the Owner role to create or modify an Admin API application in the Duo Admin Panel.
Before you can add the Duo Security Cloud Connector in Blumira, you must gather your Duo Admin API credentials:
- Duo integration key
- Duo secret key
- Duo API hostname
To obtain your Duo Admin API information complete the steps in Duo Admin API: First Steps.
In Step 4, ensure that you check the boxes next to these permissions:
- Grant read information
- Grant read log
Video tutorial: Watch a video of the steps to complete the integration below.
Providing your API credentials to Blumira
To configure the Blumira Cloud Connector and begin logging, do the following:
- In Blumira, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, select the connector you want to add.
- In Cloud Connector Name, type a name that will help you identify the integration.
- In the remaining fields, enter the credentials you gathered in the previous steps.
- Click Connect.
Testing a Duo detection
After your Cloud Connector is configured, wait at least 15 minutes for detection rules to automatically be deployed to your account, then use our testing procedures to trigger test detections that you can resolve in the app. See Testing Duo Security detections for steps.