Jira API Token
Service Name: Atlassian Jira
Service Description: Jira is a project management and issue tracking tool developed by Atlassian. It allows teams to plan, track, and manage software development projects, as well as other types of work across various teams.
Service Address: https://www.atlassian.com/software/jira
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level in Atlassian Access. Admins can restrict access to specific IP ranges.
Secret Access Scope: Grants programmatic access to Jira REST APIs, allowing operations such as creating issues, managing workflows, querying data, and administering projects depending on the user's permissions.
Secret Revokement URL: https://id.atlassian.com/manage-profile/security/api-tokens
Secret Example: NPQw2GbOXMPUXF9lQjmU1234
Suspicious Activity Investigation Instructions:
- Review Jira audit logs for unusual API calls or access patterns
- Check for unexpected issue creation, modification, or deletion
- Monitor for unauthorized project access or configuration changes
- Examine user activity logs for the account associated with the token
- Look for API requests from unusual IP addresses or locations
- Check for bulk operations that might indicate automated misuse
Mitigation Instructions:
-
Log in to your Atlassian account at https://id.atlassian.com/
-
Navigate to Security > API tokens
- Locate the compromised token in the list
- Click the "Revoke" button next to the token
- Create a new token if needed with appropriate permissions
- Consider implementing IP restrictions for API access
- Review and update user permissions to follow the principle of least privilege
- Enable two-factor authentication for all Atlassian accounts
- Implement regular token rotation policies