steampipe plugin install duo

Table: duo_token - Query Duo Security Tokens using SQL

Duo Security is a cloud-based trusted access provider protecting the world's fastest-growing and largest companies and thousands of organizations worldwide, including Dresser-Rand, Etsy, Facebook, K-Swiss, Random House, Yelp, Zillow, Paramount Pictures, and more. Duo Security's innovative and easy-to-use technology can be quickly deployed to protect users, data, and applications from breaches, credential theft, and account takeover. Token is a hardware device that generates passcodes for login to Duo-protected services and applications.

Table Usage Guide

The duo_token table provides insights into Duo Security Tokens, which are integral to the two-factor authentication process. As a security engineer, explore token-specific details through this table, including token type, serial number, and associated users. Utilize it to manage and track the usage of tokens within your organization, ensuring appropriate distribution and usage.

Examples

List all tokens

select
serial,
token_id,
type
from
duo_token
order by
serial;
select
serial,
token_id,
type
from
duo_token
order by
serial;

Tokens and their users

select
t.serial,
u ->> 'username' as username
from
duo_token as t,
jsonb_array_elements(t.users) as u
order by
serial,
username;
select
t.serial,
json_extract(u.value, '$.username') as username
from
duo_token as t,
json_each(t.users) as u
order by
t.serial,
username;

Tokens by platform

select
type,
count(*)
from
duo_token
group by
type
order by
type;
select
type,
count(*)
from
duo_token
group by
type
order by
type;

Schema for duo_token

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
serialtextThe serial number of the hardware token; used to uniquely identify the hardware token when paired with type.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
token_idtext=The token's ID.
totp_steptextValue is null for all supported token types.
typetextSpecify a type and serial number to look up a single hardware token. One of: h6 (HOTP-6 hardware token), h8 (HOTP-8 hardware token), yk (YubiKey AES hardware token), d1 (Duo-D100 hardware token).
usersjsonbA list of end users associated with this hardware token.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duo

You can pass the configuration to the command with the --config argument:

steampipe_export_duo --config '<your_config>' duo_token