My organization is coming up on our go-live for requiring Duo for a variety of platforms. We are trying to get auth, admin, and telephony logs to our SIEM (LogRhythm) prior to go-live. Since there is no connector/plugin for Duo, that leaves the method of pulling the logs down via the API and ingesting them as a flat file or in CSV format. I am aware of these resources for accomplishing this: https://duo.com/docs/adminapi#logs and https://github.com/duosecurity. However, the team that operates our SIEM does not have a strong scripting background, and this process will live on their platform. Are there more resources I am missing that could help them get this going?
The fact that Duo does not provide a more seamless process, or does not put more effort into working with SIEM vendors to make it seamless, IMO is a major drawback of the product. Any corporation with any compliance or regulatory restrictions will need to have these logs ingested into a SIEM. This should not be a manual, custom process that is prone to human error.
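As an added example for this thread (not Duo's code and not a LogRhythm collector), the script below shows the two pieces the poster describes: signing an Admin API request the way the linked adminapi docs describe (Date, method, host, path and sorted URL-encoded params joined by newlines, HMAC'd with the secret key, sent as HTTP Basic auth with the integration key), and flattening a log page into CSV rows a SIEM can pick up from a directory. The integration key, secret key, API hostname, the endpoint path, and the sample response are all placeholder or constructed values; the hash algorithm is left as a parameter because Duo's docs have historically specified HMAC-SHA1 while newer signature versions use SHA-512, so confirm it against the current page before relying on it.

```python
"""Pull Duo Admin API authentication logs and flatten them to CSV for SIEM pickup.

Added example for this thread; not Duo's own client and not a LogRhythm script.
Request signing follows https://duo.com/docs/adminapi#authentication as
understood by the author of this example. Keys, host, endpoint path and the
sample response below are placeholders / constructed values (assumptions).
"""
import base64
import csv
import hashlib
import hmac
import io
import json
import urllib.parse
import urllib.request
from email.utils import formatdate

# Placeholders: real values come from the Admin API application in the Duo Admin Panel.
IKEY = "DIXXXXXXXXXXXXXXXXXX"
SKEY = "0000000000000000000000000000000000000000"
HOST = "api-XXXXXXXX.duosecurity.com"
AUTH_LOG_PATH = "/admin/v2/logs/authentication"  # assumed from the linked docs

COLUMNS = ["isotimestamp", "event_type", "result", "reason", "user",
           "factor", "src_ip", "application", "txid"]


def encode_params(params):
    """Sort by key and URL-encode; the same string is signed and sent."""
    return "&".join("%s=%s" % (urllib.parse.quote(k, "~"), urllib.parse.quote(str(v), "~"))
                    for k, v in sorted(params.items()))


def canonical_string(date, method, host, path, params):
    """The request representation Duo expects to be signed."""
    return "\n".join([date, method.upper(), host.lower(), path, encode_params(params)])


def signature(skey, canon, digest=hashlib.sha1):
    """Hex HMAC of the canonical string. Confirm the digest against Duo's current docs."""
    return hmac.new(skey.encode(), canon.encode(), digest).hexdigest()


def basic_auth(ikey, sig):
    return "Basic " + base64.b64encode(("%s:%s" % (ikey, sig)).encode()).decode()


def signed_headers(ikey, skey, host, method, path, params, date=None):
    date = date or formatdate()  # RFC 2822 date; Duo rejects requests with clock skew
    sig = signature(skey, canonical_string(date, method, host, path, params))
    return {"Date": date, "Authorization": basic_auth(ikey, sig)}


def fetch_auth_log(mintime_ms, maxtime_ms, limit=1000, next_offset=None):
    """One GET against the auth log endpoint (performs network I/O; not exercised here)."""
    params = {"mintime": mintime_ms, "maxtime": maxtime_ms, "limit": limit}
    if next_offset:  # pagination cursor returned in response metadata (assumed format)
        params["next_offset"] = ",".join(str(x) for x in next_offset)
    headers = signed_headers(IKEY, SKEY, HOST, "GET", AUTH_LOG_PATH, params)
    url = "https://%s%s?%s" % (HOST, AUTH_LOG_PATH, encode_params(params))
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=30) as r:
        return json.load(r)


def flatten_auth_events(events):
    """Pick the fields a SIEM analyst actually pivots on out of each nested event."""
    rows = []
    for e in events:
        rows.append({
            "isotimestamp": e.get("isotimestamp", ""),
            "event_type": e.get("event_type", ""),
            "result": e.get("result", ""),
            "reason": e.get("reason", ""),
            "user": (e.get("user") or {}).get("name", ""),
            "factor": e.get("factor", ""),
            "src_ip": (e.get("access_device") or {}).get("ip", ""),
            "application": (e.get("application") or {}).get("name", ""),
            "txid": e.get("txid", ""),
        })
    return rows


def to_csv(rows):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


# Constructed sample modelled on the documented v2 auth log shape (not real data).
SAMPLE_RESPONSE = {"stat": "OK", "response": {"authlogs": [
    {"isotimestamp": "2024-01-15T12:00:00+00:00", "event_type": "authentication",
     "result": "success", "reason": "user_approved", "factor": "duo_push",
     "user": {"name": "alice"}, "access_device": {"ip": "203.0.113.10"},
     "application": {"name": "VPN"}, "txid": "txid-0001"},
    {"isotimestamp": "2024-01-15T12:05:00+00:00", "event_type": "authentication",
     "result": "denied", "reason": "user_marked_fraud", "factor": "duo_push",
     "user": {"name": "bob"}, "access_device": {"ip": "198.51.100.7"},
     "application": {"name": "VPN"}, "txid": "txid-0002"},
], "metadata": {"next_offset": None, "total_objects": 2}}}

if __name__ == "__main__":
    print(to_csv(flatten_auth_events(SAMPLE_RESPONSE["response"]["authlogs"])))
```

For a scheduled pull, persist the `maxtime` of the last successful run and use it as the next `mintime`, loop on `metadata.next_offset` until it is empty, and dedupe on `txid` in the SIEM so an overlapping window never double-counts a denial; a "user_marked_fraud" reason is exactly the kind of row the detection team wants an alert on, so make sure the column survives the CSV mapping.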