Palantir JWT
Service Name: Palantir Technologies
Service Description: Palantir Technologies is a software company that specializes in big data analytics and provides software platforms for data integration, visualization, and analysis. Their platforms are used by organizations in various sectors including government, finance, healthcare, and more for data-driven decision-making.
Service Address: https://www.palantir.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the tenant level through Palantir's security settings.
Secret Access Scope: Palantir JWT (JSON Web Token) grants programmatic access to Palantir platforms and services, allowing authentication for API calls and data access based on the permissions associated with the token.
Secret Revokement URL: https://www.palantir.com/docs/foundry/api-overview/authentication/ (Access to specific revocation documentation requires Palantir customer login)
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlBhbGFudGlyVXNlciIsImlhdCI6MTUxNjIzOTAyMn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Suspicious Activity Investigation Instructions:
- Review access logs in the Palantir platform for unusual API calls or data access patterns
- Check for unauthorized data exports or unusual query patterns
- Monitor for access from unexpected geographic locations or outside normal business hours
- Review user activity logs for any anomalous behavior or privilege escalation attempts
- Check for any modifications to data access permissions or user roles
Mitigation Instructions:
- Immediately revoke the compromised JWT token through the Palantir admin console
- Generate new JWT tokens for legitimate users if necessary
- Review and update access policies to ensure principle of least privilege
- Enable additional security controls such as IP restrictions if not already in place
- Contact Palantir support for assistance with security incident response
- Consider implementing shorter token expiration times for future tokens
- Review audit logs to understand the scope of potential data access during the compromise period