Apr 01 2022 08:07 AM
Has anybody been able to get the Cisco Duo Security data connector to work? I've set it up with the provided "easy button" of Deploy To Azure and it creates the function and the various dependent components. Checked and re-checked my duo api keys and host url's, etc. but every 10 minutes when the function fires, it throws an exception:
Result: Failure Exception: RuntimeError: Received 403 Access forbidden Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 402, in _handle__invocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 611, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(**args) File "/home/site/wwwroot/AzureFunctionCiscoDuo/main.py", line 55, in main process_trust_monitor_events(admin_api, state_manager=state_manager, sentinel=sentinel) File "/home/site/wwwroot/AzureFunctionCiscoDuo/main.py", line 98, in process_trust_monitor_events for event in admin_api.get_trust_monitor_events_iterator(mintime=mintime, maxtime=maxtime): File "/home/site/wwwroot/.python_packages/lib/site-packages/duo_client/client.py", line 441, in json_cursor_api_call (response, metadata) = self.parse_json_response_and_metadata( File "/home/site/wwwroot/.python_packages/lib/site-packages/duo_client/client.py", line 482, in parse_json_response_and_metadata raise_error('Received %s %s' % ( File "/home/site/wwwroot/.python_packages/lib/site-packages/duo_client/client.py", line 468, in raise_error raise error
I even nuked and re-deployed this function just for something to try, but it didn't change anything.
Thoughts?
Apr 04 2022 03:17 AM
Solution@NamNori - You may need to choose log types that your environment support. Looks like you don't have access / support for all types of logs. See the attached screencap -
Apr 05 2022 02:28 PM
Aug 07 2022 09:07 PM
@NamNori For myself I had to removed the trust_monitor in the LOG_TYPE to be able to work. Because the licence DUo that I use is not licence for that. But I still have problem to have the function work because of that... Bunch of other tables not parsed correctly...
Apr 04 2022 03:17 AM
Solution@NamNori - You may need to choose log types that your environment support. Looks like you don't have access / support for all types of logs. See the attached screencap -