What Changed
This update addresses reliability issues in the Cisco Duo Data Connector Function App that could cause incomplete data ingestion when processing large batches of offline enrollment logs. The connector now includes timeout detection to prevent Azure Function execution limits from causing forced termination and partial ingestion.
Security Impact (Visibility & Fidelity)
Before this fix: Deployments processing large volumes of offline enrollment logs experienced timeout-induced ingestion failures, creating blind spots in Duo security event visibility. When the Function App hit Azure execution time limits, offline enrollment events were partially ingested or lost entirely.
After this fix: The connector monitors execution time and gracefully saves progress before timeout, ensuring consistent data ingestion for offline enrollment events. This prevents detection blind spots that occurred when Functions were forcibly terminated mid-processing.
Technical Details
- Dependency Updates: duo-client upgraded from 5.5.0 to 5.6.1, cryptography pinned to 43.0.3 for security maintenance
- Timeout Protection: Added check_if_script_runs_too_long() guard specifically for offline enrollment log processing
- Function Bundle: Extension bundle version range updated to [4.*, 5.0.0) for better compatibility with Azure Functions runtime
- Packaging: Function App deployment package rebuilt with corrected Python dependency structure
Affected Files
Solutions/CiscoDuoSecurity/Data Connectors/AzureFunctionCiscoDuo/main.py
Solutions/CiscoDuoSecurity/Data Connectors/host.json
Solutions/CiscoDuoSecurity/Data Connectors/requirements.txt
(packaging artefacts: CiscoDuoSecurity_func.zip)