Secret / Token Activity from Restricted Region
Vaulted secret retrieved from device in restricted country
NHI Token used from device in restricted country
Eco-system support
-
AWS Secrets Manager
-
Azure Key Vault
-
GCP Secrets Manager
-
AWS IAM Access token
-
Azure app registration token
-
GCP Service Account key
-
GitHub Personal access token
-
GitHub App (TBD)
-
Okta app token
Description
SailPoint Entro observed secret / token usage activity by a device geolocated in a restricted country according to your company policy. This could indicate it might be used for malicious intentions or potential misuse.
Risk triggers
Audit log of token usage/secret retrieval originated from an IP Geo-located in restricted regions.