Skip to content

Logz.io API Token

Service Name: Logz.io

Service Description: Logz.io is a cloud observability platform that provides log management, infrastructure monitoring, and cloud SIEM capabilities built on ELK Stack (Elasticsearch, Logstash, and Kibana) and Grafana.

Service Address: https://logz.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through the Logz.io platform.

Secret Access Scope: Grants programmatic access to Logz.io APIs, allowing users to send logs, metrics, and traces, manage account settings, and access monitoring data.

Secret Revokement URL: https://app.logz.io/#/dashboard/settings/manage-tokens/api

Secret Example: b7dfe6f0-1234-5678-abcd-ef1234567890

Suspicious Activity Investigation Instructions:

  • Review the Logz.io audit trail for unusual API calls or data access patterns.
  • Check for unexpected log shipping configurations or new integrations.
  • Monitor for unusual data export activities or changes to alert configurations.
  • Review account settings for unauthorized changes to users, permissions, or tokens.
  • Examine API usage metrics for abnormal request volumes or patterns.

Mitigation Instructions:

  • Log in to your Logz.io account and navigate to the Settings page.

  • Go to "Manage Tokens" > "API tokens" section.

  • Locate the compromised token in the list.
  • Click the trash icon next to the token to revoke it immediately.
  • Create a new API token with appropriate permissions if needed.
  • Update all legitimate applications and services to use the new token.
  • Review and adjust token permissions to follow the principle of least privilege.
  • Consider implementing token rotation policies for regular security maintenance.