steampipe plugin install duo

Table: duo_auth_log_record - Query Duo Security Authentication Log Records using SQL

Duo Security is a cloud-based security platform that provides two-factor authentication, endpoint security, remote access solutions and more. This platform helps prevent breaches, reduce risk, and ensure regulatory compliance. The Authentication Log Records in Duo Security provide detailed information about user authentication attempts, including the user, device, location, and result.

Table Usage Guide

The duo_auth_log_record table provides insights into user authentication activities within Duo Security. As a security analyst, explore detailed information about user authentication attempts through this table, including the user, device, location, and result. Utilize it to uncover information about user activities, detect potential security breaches, and ensure regulatory compliance.

Examples

Authentication log records for the last 30 days (default time range)

select
  *
from
  duo_auth_log_record
order by
  timestamp desc;

Authentication log records for the last 24 hours

Postgres:

select
  *
from
  duo_auth_log_record
where
  timestamp > current_timestamp - interval '24 hours'
order by
  timestamp desc;

SQLite:

select
  *
from
  duo_auth_log_record
where
  timestamp > datetime('now', '-24 hours')
order by
  timestamp desc;

Authentication log records for a specific time range

select
  *
from
  duo_auth_log_record
where
  timestamp >= '2022-04-17T07:00:00-04:00'
  and timestamp < '2022-04-17T08:00:00-04:00'
order by
  timestamp desc;
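
Activity summary per username and action (added example)

This query is an added example, not part of the plugin's documentation. It uses PostgreSQL syntax and only the columns listed in the schema for this table to summarize recent records per username and action, so that unusual volumes from 'API', 'System' or a single user stand out. The 7-day window is an assumption chosen for illustration.

```sql
-- Added example: per-username, per-action summary of recent records.
-- The 7-day window is an illustrative assumption; adjust as needed.
with recent as (
  select
    username,
    action,
    object,
    timestamp
  from
    duo_auth_log_record
  where
    -- Plain comparison on timestamp, one of the operators the schema
    -- lists for that column (>, >=, =, <, <=).
    timestamp > current_timestamp - interval '7 days'
)
select
  username,
  action,
  count(*) as events,
  count(distinct object) as distinct_objects,
  min(timestamp) as first_seen,
  max(timestamp) as last_seen
from
  recent
group by
  username,
  action
order by
  events desc,
  last_seen desc;
```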

Schema for duo_auth_log_record

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| action | text | | The type of change that was performed, e.g. auth_login, group_create, user_update. |
| description | jsonb | | Details of what changed, format varies based on the action. |
| object | text | | The object that was acted on. For example: 'jsmith' (for users), '(555) 713-6275 x456' (for phones), or 'HOTP 8-digit 123456' (for tokens). |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| timestamp | timestamp with time zone | >, >=, =, <, <= | Time when the event occurred. |
| username | text | | The full name of the administrator who performed the action in the Duo Auth Panel. If the action was performed with the API this will be 'API'. Automatic actions like deletion of inactive users have 'System' for the username. Changes synchronized from Directory Sync will have a username of the form (example) 'AD Sync: name of directory'. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duo

You can pass the configuration to the command with the --config argument:

steampipe_export_duo --config '<your_config>' duo_auth_log_record