NetSuite Token Secret
Service Name: NetSuite
Service Description: NetSuite is a cloud-based business management suite that offers ERP, CRM, financial management, and e-commerce capabilities to help organizations manage their business operations.
Service Address: https://www.netsuite.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through NetSuite's IP address authentication feature.
Secret Access Scope: Grants programmatic access to NetSuite resources and data through RESTlets, SuiteTalk (SOAP web services), or SuiteScript APIs.
Secret Revokement URL: https://system.netsuite.com/app/setup/integservices.nl
Secret Example: e9b7d8c6a5f4e3d2b1a0c9b8a7f6e5d4c3b2a1f0e9d8c7b6a5f4e3d2b1a0
Suspicious Activity Investigation Instructions:
- Review NetSuite login history and audit logs for unusual access patterns.
- Check for unauthorized API calls or data exports.
- Monitor for changes to user permissions or role assignments.
- Examine integration logs for unexpected connections or data transfers.
- Review any scheduled scripts or workflows that may have been modified.
Mitigation Instructions:
- Log in to your NetSuite account as an administrator.
- Navigate to Setup > Integration > Manage Integrations.
-
Locate the token in question and click "Revoke" or "Delete".
-
Create a new token with appropriate permissions if needed.
- Update any legitimate applications using the old token.
- Review and adjust role-based permissions for API access.
- Consider implementing IP restrictions for API access if not already in place.
- Enable two-factor authentication for all administrator accounts.