Loggly Customer Token
Service Name: Loggly (SolarWinds Loggly)
Service Description: Loggly is a cloud-based log management and analytics service that helps organizations collect, analyze, and visualize machine data from applications, servers, and devices for troubleshooting and monitoring purposes.
Service Address: https://www.loggly.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Loggly's security settings.
Secret Access Scope: Grants access to send logs to a specific Loggly customer account and can be used to write data to the Loggly service.
Secret Revokement URL: https://www.loggly.com/docs/customer-token-authentication-token/
Secret Example: 12345678-90ab-cdef-1234-567890abcdef
Suspicious Activity Investigation Instructions:
- Review Loggly account access logs for unauthorized IP addresses or unusual access patterns.
- Check for unexpected spikes in log volume that could indicate unauthorized usage.
- Examine the types of logs being sent to identify potential data exfiltration.
- Review account settings for any unauthorized changes to configurations or integrations.
- Monitor for unusual API calls or authentication attempts using the token.
Mitigation Instructions:
- Log in to your Loggly account and navigate to the Account settings.
- Go to the API Tokens section.
- Locate the compromised customer token and click "Revoke" or "Delete".
- Generate a new customer token to replace the compromised one.
- Update all legitimate applications and services with the new token.
- Review and update your security practices for storing and handling tokens.
- Consider implementing source IP restrictions if available for your account type.
- Audit your application code to ensure tokens are not hardcoded or exposed in public repositories.