<span class="pill kill-chain">access_device.browser</span>
<span class="pill kill-chain">access_device.browser_version</span>
<span class="pill kill-chain">access_device.ip.address</span>
<span class="pill kill-chain">access_device.location.city</span>
<span class="pill kill-chain">access_device.location.country</span>
<span class="pill kill-chain">access_device.location.state</span>
<span class="pill kill-chain">access_device.os</span>
<span class="pill kill-chain">access_device.os_version</span>
<span class="pill kill-chain">action.details</span>
<span class="pill kill-chain">action.name</span>
<span class="pill kill-chain">activity_id</span>
<span class="pill kill-chain">actor.details</span>
<span class="pill kill-chain">actor.key</span>
<span class="pill kill-chain">actor.name</span>
<span class="pill kill-chain">actor.type</span>
<span class="pill kill-chain">akey</span>
<span class="pill kill-chain">application</span>
<span class="pill kill-chain">ctime</span>
<span class="pill kill-chain">eventtype</span>
<span class="pill kill-chain">extracted_eventtype</span>
<span class="pill kill-chain">old_target</span>
<span class="pill kill-chain">outcome.result</span>
<span class="pill kill-chain">target.details</span>
<span class="pill kill-chain">target.key</span>
<span class="pill kill-chain">target.name</span>
<span class="pill kill-chain">target.type</span>
<span class="pill kill-chain">ts</span>
</div>
Data Source: Cisco Duo Activity
Description
Data source object for Cisco Duo Activity
Details
Property | Value |
---|---|
Source | cisco_duo |
Sourcetype | cisco:duo:activity |
Supported Apps
- Cisco Security Cloud (version 3.2.3)
Event Fields
Example Log
1{"ctime": "Thu Jul 10 07:37:49 2025", "access_device": {"browser": "Chrome", "browser_version": "137.0.0.0", "ip": {"address": "1.2.3.4"}, "location": {"city": "San Jose", "country": "United States", "state": "California"}, "os": "Windows", "os_version": "11"}, "action": {"details": "{\"auth_method\": \"Password\", \"auth_device\": \"WAPF4P9AJ344ZX3DGPNO\", \"factor\": \"webauthn\", \"role\": \"Owner\"}", "name": "admin_login"}, "activity_id": "e9b8d7eb-f274-4250-8f52-d0bee46b8abc", "actor": {"details": "{\"created\": \"2025-07-02T09:18:46.000000+00:00\", \"last_login\": \"2025-07-10T07:37:33.000000+00:00\", \"email\": \"test@test.com\", \"status\": null, \"groups\": null}", "key": "DEKXVXLFZBK5U0C9F1ST", "name": "Test Test", "type": "admin"}, "akey": "DAYQ46XVNT0NKTYQ5L5O", "application": null, "old_target": null, "outcome": {"result": "SUCCESS"}, "target": {"details": null, "key": null, "name": null, "type": "admin_login"}, "ts": "2025-07-10T07:37:49.616714+00:00", "timestamp": 1752133069, "host": "api-41e72ada.duosecurity.com", "extracted_eventtype": "activity"}
Source: GitHub | Version: 1