<span class="pill kill-chain">action</span>
<span class="pill kill-chain">actionlabel</span>
<span class="pill kill-chain">ctime</span>
<span class="pill kill-chain">description</span>
<span class="pill kill-chain">eventtype</span>
<span class="pill kill-chain">extracted_eventtype</span>
<span class="pill kill-chain">isotimestamp</span>
<span class="pill kill-chain">object</span>
<span class="pill kill-chain">timestamp</span>
<span class="pill kill-chain">username</span>
</div>
Data Source: Cisco Duo Administrator
Description
Data source object for Cisco Duo Administrator
Details
| Property | Value |
|---|---|
| Source | cisco_duo |
| Sourcetype | cisco:duo:administrator |
Related Detections
Supported Apps
- Cisco Security Cloud (version 3.6.3)
Event Fields
Fields
Example Log
1{"ctime": "Tue Jul 8 12:28:47 2025", "action": "policy_create", "description": "{\"enroll_policy\": \"Allow Access\", \"name\": \"test4\", \"pretty_trusted_devices\": \"\", \"admin_email\": \"test@test.com\"}", "isotimestamp": "2025-07-08T12:28:47+00:00", "object": "test4", "timestamp": 1751977727, "username": "Test Test", "host": "api-41e72ada.duosecurity.com", "extracted_eventtype": "administrator", "actionlabel": "Added policy"}
Required Output Fields
- user
Source: GitHub | Version: 1