Monitor your IdP for suspicious activity

Request a DemoRead the Docs

Monitor Duo logs to gain complete visibility into IdP activity with Panther’s Duo integration.

Duo is a trusted security platform that provides two-factor authentication, endpoint security, and remote access solutions to secure all your sensitive data. Panther can collect, normalize, and monitor Duo logs to help you identify suspicious activity in real time. Your normalized data is then retained to power future security investigations in a serverless data lake powered by AWS or the cloud-native data platform, Snowflake.

Use Panther’s built in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for Duo with Panther include:

  • Track and analyze users accessing applications via Duo two-factor authentication
  • Monitor unexpected behavior from users with administrative permissions to Duo
  • Identify suspicious visits and logins from offline devices

How it Works

The integration is simple and fast:

  • Add Duo as a data source in Panther using a new or existing API token
  • Panther parses, normalizes, and analyzes your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for Duo.