Skip to content

Loggly Customer Token

Service Name: Loggly (SolarWinds Loggly)

Service Description: Loggly is a cloud-based log management and analytics service that helps organizations collect, analyze, and visualize machine data from applications, servers, and devices for troubleshooting and monitoring purposes.

Service Address: https://www.loggly.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Loggly's security settings.

Secret Access Scope: Grants access to send logs to a specific Loggly customer account and can be used to write data to the Loggly service.

Secret Revokement URL: https://www.loggly.com/docs/customer-token-authentication-token/

Secret Example: 12345678-90ab-cdef-1234-567890abcdef

Suspicious Activity Investigation Instructions:

  • Review Loggly account access logs for unauthorized IP addresses or unusual access patterns.
  • Check for unexpected spikes in log volume that could indicate unauthorized usage.
  • Examine the types of logs being sent to identify potential data exfiltration.
  • Review account settings for any unauthorized changes to configurations or integrations.
  • Monitor for unusual API calls or authentication attempts using the token.

Mitigation Instructions:

  • Log in to your Loggly account and navigate to the Account settings.
  • Go to the API Tokens section.
  • Locate the compromised customer token and click "Revoke" or "Delete".
  • Generate a new customer token to replace the compromised one.
  • Update all legitimate applications and services with the new token.
  • Review and update your security practices for storing and handling tokens.
  • Consider implementing source IP restrictions if available for your account type.
  • Audit your application code to ensure tokens are not hardcoded or exposed in public repositories.