Conjur Variable Secret
Service Name: CyberArk Conjur
Service Description: CyberArk Conjur is an open source security service that integrates with popular tools to provide data encryption, identity management for humans and machines, and role-based access control for sensitive secrets and infrastructure.
Service Address: https://www.conjur.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Conjur policy level using CIDR notation to restrict access to specific IP ranges.
Secret Access Scope: Grants access to sensitive variables, credentials, and configuration data stored within the Conjur vault based on defined policies and permissions.
Secret Revokement URL: https://docs.conjur.org/Latest/en/Content/Operations/Services/rotation.htm
Secret Example: 2x9sfdk3j4md0slq8jd92jd0vm3nfls0
Suspicious Activity Investigation Instructions:
- Review Conjur audit logs for unauthorized access attempts or unusual activity patterns
- Check for policy changes that might have expanded access permissions
- Examine authentication logs for login attempts from unusual locations or IP addresses
- Verify if any API keys or machine identities have been compromised
- Monitor for unusual secret retrieval patterns or volumes
Mitigation Instructions:
- Rotate the compromised Conjur variable secret immediately
- Update any applications or services using the compromised secret
- Review and tighten Conjur access policies to ensure the Principle of Least Privilege
- Enable multi-factor authentication if not already in place
- Implement IP restrictions for accessing the Conjur service
- Consider implementing secret rotation schedules for all sensitive variables
- Audit all roles and permissions to ensure proper access controls
- Review audit logs to identify potential security gaps