Skip to content

PagerDuty Integration Key

Service Name: PagerDuty

Service Description: PagerDuty is an incident management platform that provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.

Service Address: https://www.pagerduty.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through IP Access Control Lists in PagerDuty's Advanced Security Package.

Secret Access Scope: Integration keys grant the ability to trigger, acknowledge, and resolve incidents in PagerDuty. Different integration keys are tied to specific services within PagerDuty.

Secret Revokement URL: https://support.pagerduty.com/docs/services-and-integrations#section-create-and-delete-integration-keys

Secret Example: e93facc04764012d7bfb002500d5d1a6

Suspicious Activity Investigation Instructions:

  • Review the PagerDuty audit logs for unusual incident creation or resolution activities
  • Check for incidents created outside of normal operational patterns
  • Verify if the integration key was used from unusual IP addresses or locations
  • Review the frequency and timing of API calls made using the integration key
  • Check for unauthorized services being added to your PagerDuty account

Mitigation Instructions:

  • Log in to your PagerDuty account as an administrator

  • Navigate to the "Services" section in the main menu

  • Select the specific service associated with the compromised integration key
  • Click on the "Integrations" tab for that service
  • Delete the compromised integration key by clicking the trash icon
  • Create a new integration key if needed
  • Update all systems and applications that use the integration key with the new

key

  • Review and update your security policies regarding the handling of integration

keys

  • Consider implementing IP restrictions through PagerDuty's Advanced Security

Package