Duo Integration with WatchGuard Open MDR

To enable the WatchGuard MDR team to monitor logs from Duo, you must configure a connection from your Duo installation to WatchGuard.

Contents

Before You Begin

Before you complete the procedures in this document, make sure that:

  • You have a Duo account with Read-Only Admin access to your Duo environment.
  • You have a WatchGuard Open MDR license allocated in WatchGuard Cloud.

Configure Duo Security Application Protection

To enable WatchGuard MDR to monitor Duo system logs and user logs, you must collect the Integration Key, Secret Key, and API Hostname from Duo, and configure the required permissions for the Admin API in Duo.

WatchGuard provides interoperability instructions to help our customers configure WatchGuard products to work with third-party products created by other organizations. If you need more information or technical support about configuring a non-WatchGuard product, see the documentation and support resources for that product.

To configure Duo Security application protection:

  1. Log in to Duo.

Screenshot of the Duo Applications menu

  1. Select Applications > Applications.
    The Applications page opens.

Screenshot of the Duo Applications page

  1. From the Configured Applications list, select the Admin API application.
    The Admin API page opens.

Screenshot of the Duo Admin API page

  1. From the Details section, copy and save the Integration Key, Secret Key, and API Hostname text. You will add this information to the Managed Services portal later.
  2. Scroll to the Settings section.

Screenshot of the Duo Admin API Permissions section

  1. Next to Permissions, select the Grant Read Information, Grant Read Log, and Grant Read Resource check boxes.
  2. Click Save Changes.

Add the Integration in the Managed Services Portal

To complete the integration, you must add the Duo integration in the Managed Services portal.

To add the Duo integration:

  1. In WatchGuard Cloud, select Monitor > Managed Services.
    The Managed Services portal opens in a new browser tab.
  2. If you are a Service Provider, select your Subscriber account from the drop-down list.
  3. In the upper, right corner of the Managed Services portal, click Screenshot of the gear icon.
  4. From the drop-down list, select Onboarding.
  5. From the navigation menu, select Integrations.
    The Integrations page opens.

Screen shot of MDR portal Cloud Integrations page

  1. Click Add Service > Duo.
    The Duo tab opens.

Screen shot of MDR portal Duo Integrations page

  1. Click Add Integration.
    The Add Duo Integration dialog box opens.

Screen shot of MDR portal Duo integration settings dialog box

  1. In the Label text box, type a name for the integration.
  2. In the Host text box, paste the Duo API Hostname you copied from the Duo Admin API application.
  3. In the Integration Key and Security Key text boxes, paste the keys you copied from the Duo Admin API application.
  4. Click Submit.

Test the Integration

To test the Duo integration with WatchGuard Open MDR:

  1. In WatchGuard Cloud, select Monitor > Managed Services.
    The Managed Services portal opens in a new browser tab.
  2. If you are a Service Provider, select your Subscriber account from the drop-down list.
  3. In the upper, right corner of the Managed Services portal, click Screenshot of the Managed Services portal gear icon.
  4. From the drop-down list, select Onboarding.
    The Integrations page opens.
  5. Select the Duo tab.
  6. Next to the integration, click Test.

Related Topics

About Managed Services with WatchGuard MDR

About WatchGuard MDR Licenses