Configuration Audit
Workflow #0063
This workflow retrieves various settings from the Duo Admin API for audit purposes. If the information is retrieved successfully, a ServiceNow incident is created to document what was fetched.
Change Log
Date | Notes |
---|---|
Apr 29, 2022 | - Initial release |
Sep 7, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
  - Duo - Admin - Get Admins
  - Duo - Admin - Get Endpoints
  - Duo - Admin - Get Integrations
  - Duo - Admin - Get Settings
  - Duo - Admin - Get User
- The following atomic actions must be imported before you can import this workflow:
  - ServiceNow - Create Incident (CiscoSecurity_Atomics)
- The targets and account keys listed at the bottom of the page
- Duo Security
- ServiceNow
Workflow Steps
- Fetch global variables
- Verify required input was provided
- Get Duo admin settings, parse and update results
- Get the list of Duo admins, parse and update results
- Get the Duo user count, parse and update results
- Get the Duo endpoint count, parse and update results
- Get the list of Duo integrations, parse and update results
- Create a ServiceNow incident with results
Configuration
- Provide the workflow your Duo Security Admin API information by either:
  - Storing the information in global variables and using the Fetch Global Variables group at the beginning of the workflow to update the Duo Hostname, Duo Integration Key, and Duo Secret Key local variables; or
  - Removing the variables from the Fetch Global Variables group and adding your information directly to the corresponding local variables
- Update the ServiceNow User ID local variable with the username you want incidents opened as. This can either match the username in your ServiceNow Account Key or, if the account has the appropriate permissions, can be a different user
- By default, this workflow is configured to run on demand. You can create a schedule if you want it to run at a set interval
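To show how the Duo Hostname, Duo Integration Key, and Duo Secret Key values are used once the workflow has them, the following added example (not part of the workflow or of Cisco's atomics) signs the five read-only requests the audit makes, following the request-signing scheme in Duo's public Admin API documentation. The endpoint paths are an assumed mapping of the atomics listed under Requirements, and the hostname and keys are constructed placeholders.

```python
import base64
import email.utils
import hashlib
import hmac
import urllib.parse

# Assumption: Admin API paths behind the workflow's five "Duo - Admin - Get ..." atomics.
AUDIT_PATHS = [
    "/admin/v1/settings",
    "/admin/v1/admins",
    "/admin/v1/users",
    "/admin/v1/endpoints",
    "/admin/v1/integrations",
]


def canonical_params(params):
    """URL-encode parameters and sort them by key, as the signature expects."""
    return "&".join(
        f"{urllib.parse.quote(str(k), safe='~')}={urllib.parse.quote(str(v), safe='~')}"
        for k, v in sorted(params.items())
    )


def sign_request(method, host, path, params, ikey, skey, date=None):
    """Return the Date and Authorization headers for one Admin API request."""
    date = date or email.utils.formatdate()
    # The signed string binds the date, method, host, path and parameters.
    canon = "\n".join([date, method.upper(), host.lower(), path, canonical_params(params)])
    sig = hmac.new(skey.encode(), canon.encode(), hashlib.sha1).hexdigest()
    # The secret key is only the HMAC key; the header carries ikey and signature.
    token = base64.b64encode(f"{ikey}:{sig}".encode()).decode()
    return {"Date": date, "Authorization": f"Basic {token}"}


def build_audit_requests(host, ikey, skey, date=None):
    """Build the read-only GET requests that cover the audit's five lookups."""
    return [
        {"method": "GET", "url": f"https://{host}{path}",
         "headers": sign_request("GET", host, path, {}, ikey, skey, date)}
        for path in AUDIT_PATHS
    ]


if __name__ == "__main__":
    # Constructed placeholder credentials, not real keys.
    for req in build_audit_requests("api-XXXXXXXX.duosecurity.com", "DIXXXXXXXXXXXXXXXXXX", "constructed-secret"):
        print(req["method"], req["url"], req["headers"]["Date"])
```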
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Duo Security | HTTP Endpoint | Protocol: HTTPS; Host: <api hostname>.duosecurity.com; Path: None | None | Be sure to use the API Hostname from your Duo integration |
ServiceNow | HTTP Endpoint | Protocol: HTTPS; Host: <instance>.service-now.com; Path: /api | ServiceNow_Credentials | Be sure to use your instance URL |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
ServiceNow_Credentials | HTTP Basic Authentication | Username: ServiceNow User ID; Password: ServiceNow Password | |