Skip to content

Secret / Token Activity from Restricted Region

Vaulted secret retrieved from device in restricted country

NHI Token used from device in restricted country

Eco-system support

  • AWS Secrets Manager

  • Azure Key Vault

  • GCP Secrets Manager

  • AWS IAM Access token

  • Azure app registration token

  • GCP Service Account key

  • GitHub Personal access token

  • GitHub App (TBD)

  • Okta app token

Description

SailPoint Entro observed secret / token usage activity by a device geolocated in a restricted country according to your company policy. This could indicate it might be used for malicious intentions or potential misuse.

Risk triggers

Audit log of token usage/secret retrieval originated from an IP Geo-located in restricted regions.