steampipe plugin install duo

Table: duo_integration - Query Duo Security Integrations using SQL

Duo Security is a cloud-based security platform that protects access to sensitive data across applications and devices. It provides a range of security features, including two-factor authentication, secure single sign-on, and adaptive authentication. Duo Security Integration is a feature that allows the platform to work seamlessly with various applications and systems, enhancing the overall security posture.

Table Usage Guide

The duo_integration table provides insights into Duo Security Integrations. As a security engineer, explore integration-specific details through this table, including integration keys, secret keys, and API hostnames. Utilize it to uncover information about integrations, such as the security configuration of each integration, the associated applications, and potential security issues.

Examples

List all integrations

select
name,
integration_key,
type
from
duo_integration
order by
name;
select
name,
integration_key,
type
from
duo_integration
order by
name;

Integrations granted permission to administrator methods

select
name,
integration_key,
type
from
duo_integration
where
adminapi_admins = 1
order by
name;
select
name,
integration_key,
type
from
duo_integration
where
adminapi_admins = 1
order by
name;

Schema for duo_integration

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
adminapi_adminsbigint1 if the integration has been granted permission for Administrators methods; otherwise 0. Only applicable to Admin API integrations.
adminapi_infobigint1 if the integration has been granted permission for Account Info methods; otherwise 0. Only applicable to Admin API integrations.
adminapi_integrationsbigint1 if the integration has been granted permission for Integrations methods; otherwise 0. Only applicable to Admin API integrations.
adminapi_read_logbigint1 if the integration has been granted permission for Logs methods; otherwise 0. Only applicable to Admin API integrations.
adminapi_read_resourcebigint1 if the integration has been granted permission to retrieve objects like users, phones, and hardware tokens; otherwise 0. Only applicable to Admin API integrations.
adminapi_settingsbigint1 if the integration has been granted permission for Settings methods; otherwise 0. Only applicable to Admin API integrations.
adminapi_write_resourcebigint1 if the integration has been granted permission to modify objects like users, phones, and hardware tokens; otherwise 0. Only applicable to Admin API integrations.
frameless_auth_prompt_enabledbigint1 if the integration has been updated to support Duo Universal Prompt, otherwise 0. Only appears for a given integration after Duo makes the frameless prompt available for that application, and the value is set to 1 automatically when Duo detects a frameless authentication for the integration.
greetingtextVoice greeting read before the authentication instructions to users who authenticate with a phone callback.
groups_allowedjsonbA list of groups, as group IDs, that are allowed to authenticate with the integration. If empty, all groups are allowed.
integration_keytext=Integration ID.
nametextThe integration's name.
networks_for_api_accesstextA comma-separated list of IP addresses, IP ranges, or CIDRs specifying the networks allowed to access this API integration. Only returned for Accounts API and Admin API integrations.
notestextDescription of the integration.
policy_keytextThe identifying policy key for the custom policy attached to the integration. Not shown if no policy attached to the integration.
prompt_v4_enabledbigint1 if Duo Universal Prompt is activated for the application, otherwise 0. Only appears for a given integration when frameless_auth_prompt_enabled is 1 (value set automatically when Duo detects a frameless authentication for the integration).
secret_keytextSecret used when configuring systems to use this integration.
self_service_allowedjsonb1 if users may use self-service from this integration's 2FA prompt to update authentication devices, otherwise false (default).
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
typetextIntegration type, e.g. 1password, okta.
username_normalization_policytextThis controls whether or not usernames should be altered before trying to match them to a user account. One of: None, Simple.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duo

You can pass the configuration to the command with the --config argument:

steampipe_export_duo --config '<your_config>' duo_integration