Configuring the AlienApp for Cisco Duo

Role Availability Read-Only Investigator Analyst Manager
Role Availability Read-Only Investigator Analyst Manager
Role Availability Read-Only Investigator Analyst Manager

To use the AlienApp for Cisco Duo in USM Anywhere, you first need to log in to Cisco Duo to create an API hostname, integration key, and secret key.

To get the API credentials from Cisco Duo

Follow the Cisco documentation on how to create API credentials to obtain the API hostname, integration key, and secret key.

Connecting the Cisco Duo App in USM Anywhere

After you obtain the credentials, you must configure the connection within USM Anywhere.

To enable the AlienApp for Cisco Duo

  1. In USM Anywhere, go to Data Sources > AlienApps.
  2. Click the Available Apps tab.
  3. Search for the AlienApp, and then click the tile.
  4. Click Configure API.
  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  6. Enter the information you generated from the Cisco Duo admin panel into the following fields:

    • API hostname
    • Integration key
    • Secret key
  7. Click Save.
  8. Verify the connection.

    After USM Anywhere completes a successful connection to the Cisco Secure Endpoint Representational State Transfer (REST) APIs, a icon displays in the Health column.

    If the icon displays, there is a problem with the connection. The Message column provides information about the issue. Repeat the steps to fix the configuration or troubleshoot your Cisco Secure Endpoint connection.

Cisco Duo Event Collection

Once the AlienApp for Cisco Duo has been configured, you can choose to have USM Anywhere collect Cisco Duo events from the app on an hourly basis.

To configure Cisco Duo event collection

  1. Go to Settings > Scheduler.
  2. In the Job Scheduler, search for the Cisco Secure Endpoint app on the sensor it was deployed to.
  3. In the enabled column, click the icon for the inactive Cisco Secure Endpoint events job.

    The icon turns green and hourly event collection from Cisco Secure Endpoint is enabled.

    Job Scheduler Main Page

  4. (Optional.) Click the icon to customize the frequency of the event collection.