Grafana API Token
Service Name: Grafana
Service Description: Grafana is an open-source analytics and interactive visualization web application that provides charts, graphs, and alerts for the web when connected to supported data sources. It allows users to create, explore, and share dashboards with teams and enables monitoring of metrics from various data sources.
Service Address: https://grafana.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Grafana's authentication settings and access control policies.
Secret Access Scope: Grants programmatic access to Grafana instances with permissions based on the token's role (Admin, Editor, Viewer). Can be used to access dashboards, create/modify visualizations, manage users, and interact with data sources depending on the assigned permissions.
Secret Revokement URL: https://grafana.com/docs/grafana/latest/administration/api-keys/
Secret Example: eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
Suspicious Activity Investigation Instructions:
- Review Grafana audit logs for unusual API calls or dashboard access
- Check for unauthorized dashboard creation or modification
- Monitor for unusual data source queries or configuration changes
- Verify if there are any new users or permission changes
- Look for API tokens created without proper authorization
- Check for data exports or unusual visualization changes
Mitigation Instructions:
- Log in to your Grafana instance as an administrator
- Navigate to Configuration > API Keys section
- Locate the compromised API token in the list
- Click the "Revoke" button next to the token to immediately invalidate it
- Create a new API token with appropriate permissions if needed
- Review and update your organization's token management policies
- Consider implementing shorter token expiration periods
- Enable audit logging if not already active to monitor future token usage
- Review all dashboards and data sources for unauthorized changes