Cisco Duo Security Sentinel

A security-first identity and access management platform, Cisco Duo integrates with Microsoft Sentinel for visibility into your full identity stack.

Duo IAM provides comprehensive, AI-driven identity protection and management, integrating MFA, SSO, and user directories for secure, simplified access. It seamlessly connects with third-party systems and Cisco Identity Intelligence, offering unified monitoring, behavioral analytics, and automated responses to threats, while enhancing user productivity and reducing management costs.

The new Duo IAM integration with Microsoft Sentinel allows an organization to ingest a variety of security and authentication logs into Microsoft Sentinel, providing comprehensive visibility into identity and access activities. Log types Duo IAM can send to Microsoft Sentinel include:

• Authentication Logs: Details of successful and failed user login attempts, including time, user, application, and location.

• Access Logs: Records of users accessing protected resources or applications.

• MFA Events: Logs showing multi-factor authentication challenges, approvals, denials, and bypasses.

• Administrator Actions: Audit trails of admin activities such as policy changes, user management, and configuration updates.

• Device Health and Trust Events: Information on device posture, compliance checks, and endpoint security status.

• Security Alerts: Notifications of suspicious or potentially malicious activity detected by Duo IAM.

• Duo Trust Monitor: Provide alerts on anomalous user authentication behavior, highlighting unusual or risky activity for enhanced threat detection.

By forwarding these logs to Microsoft Sentinel, organizations gain real-time, centralized visibility to support threat detection, investigation, and compliance efforts. For detailed release notes, visit our GitHub repository at….

Note: The specific types of logs available for ingestion may depend on your Duo IAM license.