Solved: Re: How to tell when a device is added using Splunk DUO API integratio

Gigawatt · ‎02-20-2024

Hello all,

We are trying to narrow down when a device is added to a user account within Duo. We normally use the Duo PowerShell module(GitHub - mbegan/Duo-PSModule: Duo Admin API Powershell Wrapper Module) to pull a lot of random reports that are needed but I couldn't seem to find what property to look for when querying Duo.

I didn't see a built in report either, we are on "Duo Essentials" Edition if that helps, but we do have the Duo Splunk API ingratiation.

With some help from some of my counterparts we were able to narrow it to the "device" having a phone number and the "new_enrollment:" value being "true". Just wanted to confirm that this is 100% what we should be looking for, thanks everyone.

Pulkit Mittal · ‎02-29-2024

This is correct, however, for peace of mind, I would also suggest adding a new phone number to an existing user account and checking to see if both the attributes are present with new_enrollment set to true for the newly added device.

Please mark this helpful if you are happy with the response.

View solution in original post

Pulkit Mittal · ‎02-29-2024

This is correct, however, for peace of mind, I would also suggest adding a new phone number to an existing user account and checking to see if both the attributes are present with new_enrollment set to true for the newly added device.

Please mark this helpful if you are happy with the response.

How to tell when a device is added using Splunk DUO API integration