simple PoC to leverage the Cisco DUO Admin API and send a Webhook for denied Authentications to Slack
You need the DUO Admin API credentials
- ikey
- skey
- duo api host
if a webhook should be send use the option --hook with your webhook PATH you obtained through slack
The Webhoook URL will look like this https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX strip https://hooks.slack.com/services/ from it and append it as an option.
- hook T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
//node main.js --ikey <duo ikey> --skey <duo skey> --host <duo api endpoint> --hook <slack hook Path>
node main.js --ikey <duo ikey> --skey <duo-skey> --host api-xxxxxxxx.duosecurity.com --hook T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXXrework for usage env vars and test serverless.