Skip to content

Grafana Service Account Token

Service Name: Grafana

Service Description: Grafana is an open-source analytics and interactive visualization web application that provides charts, graphs, and alerts for the web when connected to supported data sources.

Service Address: https://grafana.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Grafana's authentication settings.

Secret Access Scope: Grants programmatic access to Grafana resources based on the permissions assigned to the service account. Can be used to access dashboards, alerts, and other Grafana resources.

Secret Revokement URL: https://grafana.com/docs/grafana/latest/administration/service-accounts/#manage-service-account-tokens

Secret Example: glsa_1234567890abcdefghijklmnopqrstuvwxyz_12345678

Suspicious Activity Investigation Instructions:

  • Review Grafana audit logs for unusual API calls or dashboard access
  • Check for unauthorized dashboard or data source modifications
  • Monitor for unusual query patterns or data extraction activities
  • Verify if the token was used from unusual IP addresses or locations
  • Check for creation of new service accounts or users

Mitigation Instructions:

  • Log in to your Grafana instance as an admin

  • Navigate to Administration > Service accounts

  • Find the compromised service account
  • Click on the service account and select the Tokens tab
  • Click the trash icon next to the compromised token to revoke it
  • Create a new token with appropriate permissions if needed
  • Consider rotating all service account tokens as a precaution
  • Review and adjust the permissions assigned to the service account
  • Enable additional authentication measures like IP restrictions if available