QRadar - Cisco DUO protocol workflow #176

davek01 · 2023-05-17T15:06:30Z

davek01
May 17, 2023

Hi,
I've a Cisco DUO log source that use protocol type Universal Cloud REST API with a protocol workflow as explained here in this link: https://www.ibm.com/docs/en/qradar-on-cloud?topic=options-cisco-duo-protocol-workflow

In this link there is an xml workflow and I would like to know if on this xml there is some kind of filter on DUO logs, or if it collects every Authentication Logs. Cause I'm noticing that probably some authentication logs are missing.

Thanks

Answered by charlieqma

May 18, 2023

It does collect Authentication logs but doesn't use the optional event_types filter in the XML workflow. It will collect the last 30 days of data initially and that's the only filter used in the workflow API query.

View full answer

charlieqma · 2023-05-18T16:21:29Z

charlieqma
May 18, 2023

It does collect Authentication logs but doesn't use the optional event_types filter in the XML workflow. It will collect the last 30 days of data initially and that's the only filter used in the workflow API query.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

QRadar - Cisco DUO protocol workflow #176

{{title}}

Replies: 1 comment

{{title}}

Select a reply

QRadar - Cisco DUO protocol workflow #176

davek01 May 17, 2023

Replies: 1 comment

charlieqma May 18, 2023

davek01
May 17, 2023

charlieqma
May 18, 2023