Logz.io API Token
Service Name: Logz.io
Service Description: Logz.io is a cloud observability platform that provides log management, infrastructure monitoring, and cloud SIEM capabilities built on ELK Stack (Elasticsearch, Logstash, and Kibana) and Grafana.
Service Address: https://logz.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the Logz.io platform.
Secret Access Scope: Grants programmatic access to Logz.io APIs, allowing users to send logs, metrics, and traces, manage account settings, and access monitoring data.
Secret Revokement URL: https://app.logz.io/#/dashboard/settings/manage-tokens/api
Secret Example: b7dfe6f0-1234-5678-abcd-ef1234567890
Suspicious Activity Investigation Instructions:
- Review the Logz.io audit trail for unusual API calls or data access patterns.
- Check for unexpected log shipping configurations or new integrations.
- Monitor for unusual data export activities or changes to alert configurations.
- Review account settings for unauthorized changes to users, permissions, or tokens.
- Examine API usage metrics for abnormal request volumes or patterns.
Mitigation Instructions:
-
Log in to your Logz.io account and navigate to the Settings page.
-
Go to "Manage Tokens" > "API tokens" section.
- Locate the compromised token in the list.
- Click the trash icon next to the token to revoke it immediately.
- Create a new API token with appropriate permissions if needed.
- Update all legitimate applications and services to use the new token.
- Review and adjust token permissions to follow the principle of least privilege.
- Consider implementing token rotation policies for regular security maintenance.