Dynatrace API Token
Service Name: Dynatrace
Service Description: Dynatrace is an all-in-one software intelligence platform that provides application performance monitoring (APM), infrastructure monitoring, digital experience monitoring, and AIOps capabilities to help organizations optimize application performance, improve user experience, and accelerate innovation.
Service Address: https://www.dynatrace.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Dynatrace's access management settings.
Secret Access Scope: Grants programmatic access to Dynatrace APIs based on the specific scopes assigned to the token. Can provide access to monitoring data, configuration settings, and platform functionality.
Secret Revokement URL: https://www.dynatrace.com/support/help/dynatrace-api/basics/dynatrace-api-authentication#manage-api-tokens
Secret Example: dt0c01.ST2EY72KQINMH574WMNVI7YN.G3DFPBEJYMODIDAEX454M7YWBUVEFOWKPRVMWFASS64NFH52PX6BNDVFFM572RZM
Suspicious Activity Investigation Instructions:
- Review the Dynatrace audit logs for unusual API calls or configuration changes.
- Check the token's usage history in the Dynatrace interface.
- Monitor for unauthorized access to sensitive monitoring data or configuration changes.
- Verify if the token has been used from unusual IP addresses or locations.
- Check for unexpected changes to monitoring configurations, dashboards, or alerting rules.
Mitigation Instructions:
- Log in to your Dynatrace environment.
- Navigate to Settings > Integration > Dynatrace API.
- Find the compromised token in the list of API tokens.
- Select the Delete button next to the token.
- Create a new token with appropriate scopes if needed.
- Update any legitimate applications or services that were using the old token.
- Review and potentially restrict the scopes assigned to new tokens to follow the principle of least privilege.
- Consider implementing token rotation policies for regular security maintenance.