BeyondTrust Password Safe Key
Service Name: BeyondTrust Password Safe
Service Description: BeyondTrust Password Safe is a privileged access management solution that secures and manages privileged credentials, providing automated password and session management to protect critical systems and sensitive data.
Service Address: https://www.beyondtrust.com/password-safe
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the platform level through BeyondTrust's access policies.
Secret Access Scope: Grants API access to the BeyondTrust Password Safe platform, allowing for automated password retrieval, session management, and administrative operations.
Secret Revokement URL: https://www.beyondtrust.com/docs/password-safe/documents/api/index.htm
Secret Example: 3f4d55a8e4b025230071c584a7e32862f6c41a12c2b5d7264d974fb3de6b8741
Suspicious Activity Investigation Instructions:
- Review the Password Safe audit logs for unusual credential retrievals or API calls.
- Check for access attempts outside of normal business hours or from unusual locations.
- Monitor for mass credential retrievals or unusual session activity patterns.
- Examine API usage patterns for automated scripts or tools that may be misusing the API key.
- Review user activity reports to identify potential unauthorized access.
Mitigation Instructions:
- Log into the BeyondTrust Password Safe administrative console.
- Navigate to the API Registration section.
- Locate and delete the compromised API key.
- Generate a new API key with appropriate permissions.
- Update all legitimate applications and services with the new API key.
- Implement IP restrictions for API access if not already in place.
- Consider implementing additional authentication factors for API access.
- Review and adjust API access permissions to follow the principle of least privilege.