Skip to content

Sqreen Token

Service Name: Sqreen (acquired by Datadog)

Service Description: Sqreen was a security platform that provided real-time application security monitoring and protection. It was acquired by Datadog in 2021 and has been integrated into Datadog's security offerings.

Service Address: https://www.datadoghq.com/ (Sqreen has been integrated into Datadog)

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Datadog account level

Secret Access Scope: Sqreen tokens provided access to the Sqreen API, allowing management of security rules, monitoring of security events, and configuration of application protection features.

Secret Revokement URL: https://app.datadoghq.com/organization-settings/api-keys (Datadog API key management)

Secret Example: sq0atp-xxxxxxxxxxxxxxxxxxxxxxxx

Suspicious Activity Investigation Instructions:

  • Review the Datadog security logs for unusual API calls or access patterns
  • Check for unauthorized rule changes or security policy modifications
  • Monitor for unexpected application behavior or security events
  • Verify if the token has been used from unusual IP addresses or locations
  • Review access logs to determine the scope of potential compromise

Mitigation Instructions:

  • Immediately revoke the compromised token through the Datadog dashboard
  • Generate a new token with appropriate permissions if needed

  • Review and update security rules and configurations to ensure they haven't

been tampered with

  • Implement IP restrictions for API access if not already in place
  • Update any applications or services using the old token with the new

credentials

  • Consider implementing shorter token rotation periods
  • Enable multi-factor authentication for all users with access to security tokens