Before you can add a log source in IBM
QRadar, you need to configure
the Admin API from your Cisco Dashboard.
Procedure
-
Log in to the Duo Admin Panel as an administrator.
-
Go to Applications, then click Protect an
Application.
- Find Admin API in the list, then click
Protect.
- From the permissions menu, select Grant read log permission.
This permission is required for the Cisco Duo protocol to read authentication logs
from the Admin API.
- Record the values for the Integration Key, Secret
Key, and API hostname. You need these values when you configure
the Cisco Duo log source in QRadar.
- Click Save changes.
Important: Because Cisco Duo has rate limits on API calls, you can create only one log
source for each customer account.