Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Cisco Duo

Copper Contributor

Has anybody been able to get the Cisco Duo Security data connector to work?  I've set it up with the provided "easy button" of Deploy To Azure and it creates the function and the various dependent components.  Checked and re-checked my duo api keys and host url's, etc.  but every 10 minutes when the function fires, it throws an exception:

Result: Failure Exception: RuntimeError: Received 403 Access forbidden Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 402, in _handle__invocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 611, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(**args) File "/home/site/wwwroot/AzureFunctionCiscoDuo/main.py", line 55, in main process_trust_monitor_events(admin_api, state_manager=state_manager, sentinel=sentinel) File "/home/site/wwwroot/AzureFunctionCiscoDuo/main.py", line 98, in process_trust_monitor_events for event in admin_api.get_trust_monitor_events_iterator(mintime=mintime, maxtime=maxtime): File "/home/site/wwwroot/.python_packages/lib/site-packages/duo_client/client.py", line 441, in json_cursor_api_call (response, metadata) = self.parse_json_response_and_metadata( File "/home/site/wwwroot/.python_packages/lib/site-packages/duo_client/client.py", line 482, in parse_json_response_and_metadata raise_error('Received %s %s' % ( File "/home/site/wwwroot/.python_packages/lib/site-packages/duo_client/client.py", line 468, in raise_error raise error

I even nuked and re-deployed this function just for something to try, but it didn't change anything.  

 

Thoughts?

3 Replies
best response confirmed by NamNori (Copper Contributor)
Solution

@NamNori - You may need to choose log types that your environment support. Looks like you don't have access / support for all types of logs. See the attached screencap - 

 

anki504_0-1649067346287.png

 

so much for the "easy button" to deploy the solution. It defaulted all possible logs. I removed all but Authentication, and it started working. Good enough for my purposes, but now I can tinker and see what log(s) was causing the 403. Thanks!

@NamNori  For myself I had to removed the trust_monitor in the LOG_TYPE to be able to work. Because the licence DUo that I use is not licence for that. But I still have problem to have the function work because of that... Bunch of other tables not parsed correctly...

1 best response

Accepted Solutions
best response confirmed by NamNori (Copper Contributor)
Solution

@NamNori - You may need to choose log types that your environment support. Looks like you don't have access / support for all types of logs. See the attached screencap - 

 

anki504_0-1649067346287.png

 

View solution in original post