F5 API Token
Service Name: F5 Networks
Service Description: F5 Networks provides application delivery and security solutions for the delivery of apps, data, and services. Their products include load balancers, application security, and access management solutions.
Service Address: https://www.f5.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the F5 BIG-IP management interface level through access policies.
Secret Access Scope: F5 API tokens grant programmatic access to F5 BIG-IP systems, allowing management of load balancing, security policies, and network configurations.
Secret Revokement URL: https://support.f5.com/csp/article/K41763344
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwic291cmNlI joibG9jYWwiLCJ0b2tlbkV4cGlyYXRpb24iOjE1ODcwMDU2MDB9.xxxxxxxxxxxxxxxxxxxxxxx xxxx
Suspicious Activity Investigation Instructions:
- Review F5 BIG-IP audit logs for unusual API calls or configuration changes
- Check for unauthorized access attempts or unusual login patterns
- Monitor for unexpected changes to load balancing rules, security policies, or network configurations
- Verify if there are any unauthorized virtual servers or pools created
- Check for unusual traffic patterns or security events in the F5 logs
Mitigation Instructions:
- Log into the F5 BIG-IP management interface
- Navigate to System > Users > Token Administration
- Locate the compromised token and click "Delete"
- Generate a new token if needed
- Review and update access policies to restrict API access by IP address
- Consider implementing shorter token expiration times
- Enable multi-factor authentication for administrative access
- Review and update user permissions to enforce principle of least privilege
- Update any applications or scripts using the revoked token with the new
credentials