Grafana Service Account Token
Service Name: Grafana
Service Description: Grafana is an open-source analytics and interactive visualization web application that provides charts, graphs, and alerts for the web when connected to supported data sources.
Service Address: https://grafana.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Grafana's authentication settings.
Secret Access Scope: Grants programmatic access to Grafana resources based on the permissions assigned to the service account. Can be used to access dashboards, alerts, and other Grafana resources.
Secret Revokement URL: https://grafana.com/docs/grafana/latest/administration/service-accounts/#manage-service-account-tokens
Secret Example: glsa_1234567890abcdefghijklmnopqrstuvwxyz_12345678
Suspicious Activity Investigation Instructions:
- Review Grafana audit logs for unusual API calls or dashboard access
- Check for unauthorized dashboard or data source modifications
- Monitor for unusual query patterns or data extraction activities
- Verify if the token was used from unusual IP addresses or locations
- Check for creation of new service accounts or users
Mitigation Instructions:
-
Log in to your Grafana instance as an admin
-
Navigate to Administration > Service accounts
- Find the compromised service account
- Click on the service account and select the Tokens tab
- Click the trash icon next to the compromised token to revoke it
- Create a new token with appropriate permissions if needed
- Consider rotating all service account tokens as a precaution
- Review and adjust the permissions assigned to the service account
- Enable additional authentication measures like IP restrictions if available