PagerDuty Authorization Token
Service Name: PagerDuty
Service Description: PagerDuty is an incident management platform that provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
Service Address: https://www.pagerduty.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through PagerDuty's IP Access Control feature.
Secret Access Scope: Grants programmatic access to PagerDuty's API, allowing management of incidents, services, schedules, and users based on the permissions of the associated user account.
Secret Revokement URL: https://support.pagerduty.com/docs/generating-api-keys#revoking-api-keys
Secret Example: y_NbAkKc66ryYTWUXYEu
Suspicious Activity Investigation Instructions:
- Review the PagerDuty audit logs for unusual API calls or activity
- Check for unauthorized incident creation, modification, or resolution
- Monitor for changes to escalation policies, schedules, or user permissions
- Look for API access from unusual IP addresses or locations
- Verify if there are any new integrations or services added without authorization
Mitigation Instructions:
- Log in to your PagerDuty account as an administrator
-
Navigate to Configuration → API Access
-
Locate the compromised API key
- Click the "Revoke" button next to the key
- Generate a new API key if needed
- Update all legitimate applications and integrations with the new key
- Consider implementing IP restrictions for API access through PagerDuty's IP
Access Control feature
- Review user permissions to ensure they follow the principle of least privilege