On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Configuration Audit

Workflow #0063

This workflow retrieves various settings from the Duo Admin API for audit purposes. If the information is retrieved successfully, a ServiceNow incident is created to document what was fetched.

GitHub


Change Log

Date Notes
Apr 29, 2022 - Initial release
Sep 7, 2022 - Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • Duo - Admin - Get Admins
    • Duo - Admin - Get Endpoints
    • Duo - Admin - Get Integrations
    • Duo - Admin - Get Settings
    • Duo - Admin - Get User
  • The following atomic actions must be imported before you can import this workflow:
  • The targets and account keys listed at the bottom of the page
  • Duo Security
  • ServiceNow

Workflow Steps

  1. Fetch global variables
  2. Verify required input was provided
  3. Get Duo admin settings, parse and update results
  4. Get the list of Duo admins, parse and update results
  5. Get the Duo user count, parse and update results
  6. Get the Duo endpoint count, parse and update results
  7. Get the list of Duo integrations, parse and update results
  8. Create a ServiceNow incident with results

Configuration

  • Provide the workflow your Duo Security Admin API information by either:
    • Storing the information in global variables and using the Fetch Global Variables group at the beginning of the workflow to update the Duo Hostname, Duo Integration Key, and Duo Secret Key local variables; or
    • Remove the variables from the Fetch Global Variables group and add your information directly to the corresponding local variables
  • Update the ServiceNow User ID local variable with the username you want incidents opened as. This can either match the username in your ServiceNow Account Key or, if the account has the appropriate permissions, can be a different user
  • By default, this workflow is configured to run on demand. You can create a schedule if you want it to run at a set interval

Targets

Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Duo Security HTTP Endpoint Protocol: HTTPS
Host: <api hostname>.duosecurity.com
Path: None
None Be sure to use the API Hostname from your Duo integration
ServiceNow HTTP Endpoint Protocol: HTTPS
Host: <instance>.service-now.com
Path: /api
ServiceNow_Credentials Be sure to use your instance URL

Account Keys

Account Key Name Type Details Notes
ServiceNow_Credentials HTTP Basic Authentication Username: ServiceNow User ID
Password: ServiceNow Password