Configuring Cisco Duo to communicate with QRadar®

Before you can add a log source in IBM QRadar, you need to configure the Admin API from your Cisco Dashboard.

Procedure

  1. Log in to the Duo Admin Panel as an administrator.
  2. Go to Applications, then click Protect an Application.
  3. Find Admin API in the list, then click Protect.
  4. From the permissions menu, select Grant read log permission.
    This permission is required for the Cisco Duo protocol to read authentication logs from the Admin API.
  5. Record the values for the Integration Key, Secret Key, and API hostname. You need these values when you configure the Cisco Duo log source in QRadar.
  6. Click Save changes.
    Important: Because Cisco Duo has rate limits on API calls, you can create only one log source for each customer account.