turbot/duo

steampipe plugin install duo

Table: duo_admin_log_record

Query records in the admin log for your Duo account.

Notes:

Examples

Admin log records for the last 30 days (default time range)

select
  *
from
  duo_admin_log_record
order by
  timestamp desc

Admin log records for the last 24 hours

select
  *
from
  duo_admin_log_record
where
  timestamp > current_timestamp - interval '24 hours'
order by
  timestamp desc

Admin log records for a specific time range

select
  *
from
  duo_admin_log_record
where
  timestamp >= '2022-04-17T07:00:00-04:00'
  and timestamp < '2022-04-17T08:00:00-04:00'
order by
  timestamp desc

Failed login attempts in the last 7 days

select
  *
from
  duo_admin_log_record
where
  action = 'admin_login_error'
  and timestamp > current_timestamp - interval '7 days'
order by
  timestamp desc

.inspect duo_admin_log_record

Admin log records in the Duo account.

| Name | Type | Description |
| --- | --- | --- |
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| action | text | The type of change that was performed, e.g. admin_login, group_create, user_update. |
| description | jsonb | Details of what changed, format varies based on the action. |
| object | text | The object that was acted on. For example: 'jsmith' (for users), '(555) 713-6275 x456' (for phones), or 'HOTP 8-digit 123456' (for tokens). |
| timestamp | timestamp with time zone | Time when the event occurred. |
| username | text | The full name of the administrator who performed the action in the Duo Admin Panel. If the action was performed with the API this will be 'API'. Automatic actions like deletion of inactive users have 'System' for the username. Changes synchronized from Directory Sync will have a username of the form (example) 'AD Sync: name of directory'. |
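
The username conventions in the column descriptions above make it possible to separate changes made by human administrators from those made through the API, by the system, or by Directory Sync when reviewing the admin log. The query below is an added example, not part of the plugin's own documentation; the 7-day window and the actor_type labels are choices made for this example, and the 'AD Sync:' prefix match assumes the form shown in the username description.

```sql
-- Added example: break down configuration changes by who (or what) made them.
-- Actor classes follow the username conventions documented for this table.
with classified as (
  select
    case
      when username is null or username = '' then 'unknown'
      when username = 'API' then 'api'
      when username = 'System' then 'system'
      -- Prefix taken from the example form in the column description (assumption).
      when username like 'AD Sync:%' then 'directory_sync'
      else 'administrator'
    end as actor_type,
    username,
    action,
    timestamp
  from
    duo_admin_log_record
  where
    timestamp > current_timestamp - interval '7 days'
    -- Drop login events so only changes to the account remain.
    and action not in ('admin_login', 'admin_login_error')
)
select
  actor_type,
  username,
  action,
  count(*) as events,
  min(timestamp) as first_seen,
  max(timestamp) as last_seen
from
  classified
group by
  actor_type,
  username,
  action
order by
  actor_type,
  events desc
```

Rows with actor_type 'api' or 'administrator' and an action that is unusual for that actor are the ones worth comparing against change records; the description column of the matching rows holds the details of what changed.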