Aruba Central API Token
Service Name: Aruba Central
Service Description: Aruba Central is a cloud-based network management and monitoring platform that provides centralized configuration, monitoring, and management of Aruba wireless, wired, and SD-WAN infrastructure.
Service Address: https://www.arubanetworks.com/products/network-management-operations/central/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Aruba Central's access control settings.
Secret Access Scope: Grants programmatic access to Aruba Central APIs, allowing management of network devices, configuration changes, monitoring, and reporting capabilities.
Secret Revokement URL: https://central.arubanetworks.com/platform/api-gateway/
Secret Example: xCxAyqEW9tpqJf4Tn2KpFgH7LmZ8RvBs3DcX6kQz
Suspicious Activity Investigation Instructions:
- Review API access logs in Aruba Central for unusual API calls or patterns.
- Check for unauthorized device configuration changes or firmware updates.
- Monitor for unusual network topology changes or device additions.
- Examine API usage patterns for abnormal volume or timing of requests.
- Review user activity logs to identify potential unauthorized access.
Mitigation Instructions:
- Log in to the Aruba Central dashboard.
-
Navigate to Account Home > Platform > API Gateway.
-
Locate the compromised API token in the list.
- Click on the token and select "Revoke" or "Delete".
- Generate a new API token if needed.
- Update any legitimate applications or integrations with the new token.
- Consider implementing more restrictive API access controls and IP restrictions.
- Review and update your organization's secret management practices.