Table: duo_token - Query Duo Security Tokens using SQL
Duo Security is a cloud-based trusted access provider protecting the world's fastest-growing and largest companies and thousands of organizations worldwide, including Dresser-Rand, Etsy, Facebook, K-Swiss, Random House, Yelp, Zillow, Paramount Pictures, and more. Duo Security's innovative and easy-to-use technology can be quickly deployed to protect users, data, and applications from breaches, credential theft, and account takeover. Token is a hardware device that generates passcodes for login to Duo-protected services and applications.
Table Usage Guide
The duo_token
table provides insights into Duo Security Tokens, which are integral to the two-factor authentication process. As a security engineer, explore token-specific details through this table, including token type, serial number, and associated users. Utilize it to manage and track the usage of tokens within your organization, ensuring appropriate distribution and usage.
Examples
List all tokens
select serial, token_id, typefrom duo_tokenorder by serial;
select serial, token_id, typefrom duo_tokenorder by serial;
Tokens and their users
select t.serial, u ->> 'username' as usernamefrom duo_token as t, jsonb_array_elements(t.users) as uorder by serial, username;
select t.serial, json_extract(u.value, '$.username') as usernamefrom duo_token as t, json_each(t.users) as uorder by t.serial, username;
Tokens by platform
select type, count(*)from duo_tokengroup by typeorder by type;
select type, count(*)from duo_tokengroup by typeorder by type;
Schema for duo_token
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
serial | text | The serial number of the hardware token; used to uniquely identify the hardware token when paired with type. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
token_id | text | = | The token's ID. |
totp_step | text | Value is null for all supported token types. | |
type | text | Specify a type and serial number to look up a single hardware token. One of: h6 (HOTP-6 hardware token), h8 (HOTP-8 hardware token), yk (YubiKey AES hardware token), d1 (Duo-D100 hardware token). | |
users | jsonb | A list of end users associated with this hardware token. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- duo
You can pass the configuration to the command with the --config
argument:
steampipe_export_duo --config '<your_config>' duo_token