Duo Splunk Connector allows administrators to easily import their Duo logs into their Splunk environment.
Download the current release from Splunkbase.
Version 2.0.3 - July 25, 2024
- Fixed an issue in the app.manifest file that did not comply with Splunk's standards.
Version 2.0.2 - September 11, 2023
- Adds new Duo log types:
  - Activity Logs
  - Authentication v2 Logs
  - Telephony v2 Logs
  - Trust Monitor Logs
- Adds ability to enable/disable individual log types to ingest.
- Adds support for multiple input instances.
- Increases security of credentials.
- Migrates storage of log timestamps from file on disk to a Splunk KV store.
- Separates Duo-specific Splunk logs into a SPLUNK_HOME/var/log/splunk/duo_splunkapp folder.
- Normalizes Splunk fields - ctime, timestamp, eventtype, and host.
- Decreases the initial lookback period for new logs from 30 days to 7 days.
Version 1.2.2 - June 8, 2023
- Correctly restores default/indexes.conf if it already existed.
- Updates app.manifest and app.conf with the correct version number.
Version 1.2.1 - June 7, 2023
- Corrects an issue in Duo Splunk Connector 1.2.0 where the default/indexes.conf index was inadvertently removed from Splunk Cloud if it already existed.
Version 1.2.0 - June 5, 2023
- Removed support for Python 2 and Splunk releases below 8.0.
- Updated dependencies:
  - splunk-sdk 1.7.3
  - duo-client 4.7.1
  - pytz 2023.3
  - six 1.16.0
- Duo Splunk Connector installer no longer creates the duo index automatically for new installs.
Version 1.1.9 - March 3, 2022
- Updated to jQuery 3.5+ for security fixes.
- Updated Splunk-SDK to 1.6.15 to support new version.
Version 1.1.8 - February 23, 2021
- Fixed a bug in packaging where the latest version of the six module was not getting set in splunk env. This resolves issues seen upgrading to the latest version of Duo Splunk Connector due to incompatible libraries in older six versions.
Version 1.1.7 - July 9, 2020
- Customers should not upgrade directly to this version from v1.1.5 or earlier. Update your installation to v1.1.6 first, then proceed with the 1.1.7 upgrade.
- Added support for Splunk 8.0, including the optional python3 runtime included with Splunk 8.
- The Python runtime default in inputs.conf now sets the runtime to python3 for Splunk versions 8.0 or newer (python.version = python3). This change has no effect in Splunk 7.x environments, which continue using the python2 runtime.
Version 1.1.6 - February 11, 2020
- Fixed error message that would appear for Duo Federal edition customers during initial connector configuration.
Version 1.1.5 - September 2019
- Added support for Splunk 7.3.
- Fixed bug related to error log messages sometimes breaking the Splunk JsonLineBreaker.
- Added more verbose logging messages to aid in troubleshooting.
- Improved performance when validating Duo Admin API credentials during the initial setup.
Version 1.1.4 - February 2019
- Added more helpful logging
- App will now gracefully handle API rate limits and results pagination
- Improved Endpoint retrieval process
- Minor changes to the dashboard queries to assist in a future preview
Version 1.1.3 - June 2018
- Now available in Splunkbase for Splunk Cloud
- Alignment with Splunk plugin recommended architecture
- Removed repoFactor=auto from the default indexes.conf file
Version 1.1.2 - June 2017
- Bug fixes
Version 1.1.1 - May 2017
- Encrypting Duo SKEY with Splunk's encryption system
- Updated README with support information
Version 1.1.0 - March 2017
- Added Macro support allowing admins to specify a custom index
- Changed map on authentication page to use city instead of longitude and latitude
- Bug fixes
Version 1.0.1 - March 2017
- Initial Splunkbase release