PagerDuty Integration Key
Service Name: PagerDuty
Service Description: PagerDuty is an incident management platform that provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.
Service Address: https://www.pagerduty.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through IP Access Control Lists in PagerDuty's Advanced Security Package.
Secret Access Scope: Integration keys grant the ability to trigger, acknowledge, and resolve incidents in PagerDuty. Different integration keys are tied to specific services within PagerDuty.
Secret Revokement URL: https://support.pagerduty.com/docs/services-and-integrations#section-create-and-delete-integration-keys
Secret Example: e93facc04764012d7bfb002500d5d1a6
Suspicious Activity Investigation Instructions:
- Review the PagerDuty audit logs for unusual incident creation or resolution activities
- Check for incidents created outside of normal operational patterns
- Verify if the integration key was used from unusual IP addresses or locations
- Review the frequency and timing of API calls made using the integration key
- Check for unauthorized services being added to your PagerDuty account
Mitigation Instructions:
-
Log in to your PagerDuty account as an administrator
-
Navigate to the "Services" section in the main menu
- Select the specific service associated with the compromised integration key
- Click on the "Integrations" tab for that service
- Delete the compromised integration key by clicking the trash icon
- Create a new integration key if needed
- Update all systems and applications that use the integration key with the new
key
- Review and update your security policies regarding the handling of integration
keys
- Consider implementing IP restrictions through PagerDuty's Advanced Security
Package