Skip to content

Azure Databricks

Workspace Token (PAT)

Service Name: Azure Databricks

Service Description: Azure Databricks is a data analytics platform optimized for the Microsoft Azure cloud services platform. It provides a collaborative environment for data engineering, data science, and machine learning with Apache Spark integration.

Service Address: https://databricks.com/product/azure

Validation Type: API Auth

IP Allow list: IP access controls can be configured at the Azure Databricks workspace level through Azure Network Security Groups and Private Link.

Secret Access Scope: Grants programmatic access to Azure Databricks workspaces, allowing users to interact with notebooks, jobs, clusters, and data.

Secret Revokement URL: https://docs.databricks.com/dev-tools/auth.html#token-management

Secret Example: dapi0123456789abcdef0123456789abcdef

Suspicious Activity Investigation Instructions:

  • Review the Databricks audit logs for unusual API calls or resource access
  • Check for unauthorized notebook executions or job runs
  • Monitor for unusual cluster creation or configuration changes
  • Examine data access patterns for potential data exfiltration
  • Review user permissions and access controls within the workspace

Mitigation Instructions:

  • Immediately revoke the compromised token through the Databricks UI:
  • Navigate to the user settings in your Databricks workspace
  • Go to "User Settings" > "Access Tokens"
  • Find the compromised token and click "Revoke"
  • Alternatively, revoke via API using the Databricks REST API token management

endpoints

  • Generate a new token with appropriate permissions if needed
  • Review and update IP access controls for the Databricks workspace
  • Implement token rotation policies to regularly cycle credentials
  • Consider implementing Databricks workspace-level access controls to limit the

scope of future tokens