- Cloud Collectors Overview
- Administration
- Administrative Access
- Shareable Service Accounts
- Add Accounts for AWS Cloud Collectors
- Add Accounts for Cisco Duo Cloud Collector
- Add Accounts for Google Cloud Collectors
- Add Accounts for Microsoft Cloud Collectors
- Add Accounts for Okta Cloud Collectors
- Add Accounts for Salesforce Cloud Collectors
- Add Accounts for Splunk Cloud Collectors
- Add Accounts for Trend Micro Cloud Collectors
- Define a Unique Site Name
- Sign Up for the Early Access Program
- Onboard Cloud Collectors
- Abnormal Security Cloud Collector
- AWS CloudTrail Cloud Collectors
- AWS CloudWatch Cloud Collector
- AWS S3 Cloud Collector
- AWS SQS Cloud Collector
- Azure Activity Logs Cloud Collector
- Azure Log Analytics Cloud Collector
- Azure Event Hub Cloud Collector
- Azure Storage Analytics Cloud Collector
- Cato Networks Cloud Collector
- Cisco Duo Cloud Collector
- Cisco Umbrella Cloud Collector
- Cribl Cloud Collector
- CrowdStrike Cloud Collectors
- GCP Pub/Sub Cloud Collector
- Microsoft Defender XDR (via Azure Event Hub) Cloud Collector
- Microsoft Entra ID Context Cloud Collector
- Microsoft Entra ID Logs Cloud Collector
- Microsoft 365 Exchange Admin Reports Cloud Collector
- Supported Sources from Microsoft 365 Exchange Admin Reports
- Migrate to the Microsoft 365 Exchange Admin Reports Cloud Collector
- Prerequisites to Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Configure the Microsoft 365 Exchange Admin Reports Cloud Collector
- Troubleshooting the Microsoft 365 Exchange Admin Reports Cloud Collector
- Microsoft 365 Management Activity Cloud Collector
- Microsoft Security Alerts Cloud Collector
- Microsoft Sentinel (via Event Hub) Cloud Collector
- Netskope Alerts Cloud Collector
- Netskope Events Cloud Collector
- Okta Cloud Collector
- Okta Context Cloud Collector
- Palo Alto Networks Cortex Data Lake Cloud Collector
- Proofpoint On-Demand Cloud Collector
- Proofpoint Targeted Attack Protection Cloud Collector
- Salesforce Cloud Collector
- SentinelOne Alerts Cloud Collector
- SentinelOne Cloud Funnel Cloud Collector
- SentinelOne Threats Cloud Collector
- Splunk Cloud Collector
- Symantec Endpoint Security Cloud Collector
- Trend Vision One Cloud Collector
- Zscaler ZIA Cloud Collector
- Webhook Cloud Collectors
- Wiz Cloud Collector
- Troubleshooting Cloud Collectors
Add Accounts for Cisco Duo Cloud Collector
You can use your Cisco Duo account across one or more Cisco Duo Cloud Collector instances. Before you can add your account, you must identify the authentication method and obtain the identifying information.
To create a Cisco Duo account, perform each of the following workflows:
Create an Admin API Protected Application to Obtain an Integration Key, Secret Key, and API Hostname
Duo Security APIs are authenticated via application keys. To obtain an Integration key, Secret Key, and the API Hostname, you must create a new Admin API Protected application.
To create a new API protected application:
Log in to the Duo Admin console.
Navigate to Applications > Protect an Application.
In the list of available applications, click Protect this Application link for Admin API. On the new application’s Properties page, note the secret key Integration key, Secret key, and API hostname that the Details section displays. The integration key and secret key uniquely identify a specific application to Duo. The API hostname is unique to your account and shared by all related applications. Use these values, represented by a string of letters and numbers, to configure the Cisco Duo Cloud Collector.
Specify a name for the application that you created.
Select the following options to give the required permissions to the Admin API protected application:
Grant administrators - For the Exabeam Security Operations Platform to read administrator identifying properties.
Grant read log - For the Exabeam Security Operations Platform to read the required audit logs.
Grant read resource – For the Exabeam Security Operations Platform to read users and groups information.
Save the changes.
Proceed to create a sharable account for Cisco Duo.
Create a Sharable Account for Cisco Duo
To set up a sharable account for Cisco Duo in Cloud Collectors:
Log in to the Exabeam Security Operations Platform with your registered credentials as an administrator.
Navigate to Collectors > Cloud Collectors.
Click Accounts, then click New Account.
In the Add a New Account page, enter the required information.
VENDOR – Select the vendor as Cisco Duo.
NAME – Specify a name for the Cisco Duo account.
API HOSTNAME – Specify the API Hostname that you obtained while creating the Admin API protected application.
INTEGRATION KEY – Paste the Integration Key that you obtained while creating the Admin API protected application.
SECRET KEY – Paste the Secret Key that you obtained while creating the Admin API protected application.
Click Save.
Proceed to configure your Cisco Duo Cloud Collector.
When you onboard new collectors for Cisco Duo, you must select the Cisco Duo account. You can reuse credentials between different Cisco Duo cloud collectors.