Databricks PAT
(Personal Access Token)
Service Name: Databricks
Service Description: Databricks is a unified data analytics platform designed to help organizations accelerate innovation by unifying data science, engineering, and business. It provides a collaborative environment for data engineering, machine learning, and analytics workflows.
Service Address: https://databricks.com/
Validation Type: API Auth
IP Allow list: IP access controls can be configured at the workspace level through Network Security features in Databricks.
Secret Access Scope: Grants programmatic access to Databricks workspaces and APIs, allowing users to interact with notebooks, jobs, clusters, and other Databricks resources.
Secret Revokement URL: https://docs.databricks.com/dev-tools/auth.html#token-management
Secret Example: dapi0123456789abcdefghijklmnopqrstuv
Suspicious Activity Investigation Instructions:
- Review the Databricks audit logs for unusual API calls or resource access.
- Check for unauthorized cluster creation or modification.
- Monitor for unexpected notebook executions or job runs.
- Look for data extraction operations or unusual query patterns.
- Verify if the token was used from unfamiliar IP addresses or locations.
Mitigation Instructions:
- Log in to your Databricks workspace.
- Navigate to User Settings (click on your username in the top-right corner).
- Select the "Access Tokens" tab.
- Find the compromised token and click "Revoke".
- Generate a new token if needed with appropriate permissions.
- Consider implementing IP access restrictions for your Databricks workspace.
- Review and update your organization's secret management policies.
- Ensure tokens are rotated regularly according to your security policies.