Skip to main content

Duo Keys

Description#

General#

  • Documentation: https://duo.com/docs/authapi
  • Summary: Duo is a company providing a RESTful API for adding strong two-factor authentication to an application. This detector aims at catching the Duo keys (integration key, secret key, and API hostname) used to access this API.
  • IPs allowlist: As of the time of writing this documentation, this feature is not available.
  • Scopes: Duo keys have full access to the Duo Auth API.

Revoke the secret#

Duo keys can be revoked in the Duo Admin Panel (https://admin.duosecurity.com/).

Check for suspicious activity#

As of the time of writing this documentation, this feature is not available.

Details for Duo keys#

  • Family: Api

  • Category: Identity provider

  • Company: Duo

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - duosecurity\.com

Examples#

- text: >    integration_key=XOHQUEIZANG7QUAEJIUW    secret_key=IexipeeveevoLeibiethohChoh2heitapheesuTh    base_url=https://api-abcd1234.duosecurity.com  integration_key: XOHQUEIZANG7QUAEJIUW  secret_key: IexipeeveevoLeibiethohChoh2heitapheesuTh  subdomain: api-abcd1234