Skip to content

Databricks SP

Service Name: Databricks

Service Description: Databricks is a unified data analytics platform designed to help organizations accelerate innovation by unifying data science, engineering, and business. It provides a collaborative environment for data engineering, machine learning, and analytics.

Service Address: https://databricks.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to Databricks workspaces and resources using service principal authentication.

Secret Revokement URL: https://docs.databricks.com/dev-tools/service-principals.html#manage-service-principals

Secret Example: dose1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p

Suspicious Activity Investigation Instructions:

  • Check Databricks audit logs for unusual API calls or resource access
  • Review workspace activity for unauthorized notebook executions
  • Monitor for unusual cluster creation or job scheduling
  • Check for data extraction operations or unauthorized exports
  • Examine authentication logs for failed login attempts

Mitigation Instructions:

  • Log into the Databricks Admin Console
  • Navigate to the User Management section
  • Locate the compromised service principal
  • Rotate the service principal token or delete the service principal
  • Review and revoke any permissions granted to the compromised service principal
  • Check for and remove any jobs or notebooks created by the compromised service principal