Skip to content

NetBox API Token

Service Name: NetBox

Service Description: NetBox is an open source web application designed to help manage and document computer networks. It was created specifically to address the needs of network and infrastructure engineers, providing IP address management (IPAM), equipment racks, devices, connections, virtual machines, and more.

Service Address: https://netbox.readthedocs.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the application level through NetBox's permissions system and web server configuration.

Secret Access Scope: Grants programmatic access to NetBox's REST API, allowing users to view, create, modify, and delete network infrastructure data based on the permissions assigned to the token.

Secret Revokement URL: https://netbox.readthedocs.io/en/stable/integrations/rest-api/#tokens

Secret Example: 0123456789abcdef0123456789abcdef01234567

Suspicious Activity Investigation Instructions:

  • Review NetBox audit logs for unusual API calls or resource modifications.
  • Check for unexpected changes to network infrastructure data.
  • Monitor for high-frequency API requests that might indicate automated scraping or abuse.
  • Examine the IP addresses that have been using the token for any unauthorized access.
  • Review the permissions assigned to the token to ensure they are appropriate.

Mitigation Instructions:

  • Log in to your NetBox instance as an administrator.
  • Navigate to Admin → Users → Tokens.
  • Locate the compromised token in the list.
  • Select the token and click "Delete" to revoke it immediately.
  • Create a new token with appropriate permissions if needed.
  • Consider implementing more restrictive permissions for API tokens.
  • Update any applications or scripts that were using the old token.
  • Review your NetBox instance's security settings and consider implementing additional security measures like IP restrictions.