NetSuite Token
Service Name: NetSuite
Service Description: NetSuite is a cloud-based business management suite offering ERP, CRM, and e-commerce functionality. It provides integrated applications for financial management, order processing, inventory management, production, supply chain, and warehouse operations.
Service Address: https://www.netsuite.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through NetSuite's IP address restrictions feature.
Secret Access Scope: Grants programmatic access to NetSuite resources and data through RESTlets, SuiteTalk (SOAP web services), or SuiteScript APIs.
Secret Revokement URL: https://system.netsuite.com/app/setup/accesstokens.nl
Secret Example: e82c01b6a9127bfe2d3c92e3c8041fd7ae9f691e8e20d1dad5a5e7c8f40e7f5a
Suspicious Activity Investigation Instructions:
- Review NetSuite system logs for unusual API calls or data access patterns
- Check login history for suspicious IP addresses or times
- Monitor for unusual data exports or mass record modifications
- Review integration logs for unexpected API usage patterns
- Check for unauthorized role changes or permission escalations
Mitigation Instructions:
- Log in to your NetSuite account as an administrator
-
Navigate to Setup > Integration > Access Tokens
-
Locate the compromised token in the list
- Click "Revoke" next to the token to immediately invalidate it
- Create a new token with appropriate permissions if needed
- Review and update integration permissions to follow the Principle of Least Privilege.
- Consider implementing IP restrictions for API access if not already in place
- Update any applications or services using the revoked token with the new token