PagerDuty API Key
Service Name: PagerDuty
Service Description: PagerDuty is an incident management platform that provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
Service Address: https://www.pagerduty.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through PagerDuty's IP Access Control feature.
Secret Access Scope: Grants programmatic access to PagerDuty resources including incidents, services, schedules, and users based on the API key's permissions.
Secret Revokement URL: https://support.pagerduty.com/docs/api-access-keys#revoke-an-api-key
Secret Example: y_NbAkKc66ryYTWUXYEu
Suspicious Activity Investigation Instructions:
- Review PagerDuty audit logs for unusual API calls or resource access.
- Check for unauthorized incident creation, resolution, or modification.
- Monitor for changes to escalation policies, schedules, or user permissions.
- Look for API requests from unusual IP addresses or locations.
- Verify if there are any new integrations or webhooks that were recently added.
Mitigation Instructions:
- Log in to your PagerDuty account as an administrator.
- Navigate to Configuration > API Access.
- Locate the compromised API key in the list.
- Click the Revoke button next to the key.
- Create a new API key with appropriate permissions if needed.
- Update any legitimate applications or integrations with the new API key.
- Consider implementing IP restrictions for API access through PagerDuty's IP Access Control feature.
- Review and update user permissions to enforce the Principle of Least Privilege.