StrongDM Access Token
Service Name: StrongDM
Service Description: StrongDM is a secure infrastructure access platform that provides zero trust access to databases, servers, clusters, and web applications. It simplifies access management by providing a single source of truth for managing permissions across all infrastructure.
Service Address: https://www.strongdm.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the resource level through StrongDM's access policies.
Secret Access Scope: Grants programmatic access to the StrongDM API, allowing management of users, resources, and access controls within the StrongDM platform.
Secret Revokement URL: https://app.strongdm.com/app/admin/tokens
Secret Example: sdm_tk_012345abcdef6789ghijklmnopqrstuvwxyz0123
Suspicious Activity Investigation Instructions:
- Review the StrongDM audit logs for unusual API calls or access patterns
- Check for unauthorized resource access or permission changes
- Monitor for unusual user activity or authentication attempts
- Verify if there are any unexpected changes to access policies or resource configurations
- Look for API calls from unusual IP addresses or outside normal business hours
Mitigation Instructions:
-
Log in to the StrongDM Admin UI at https://app.strongdm.com/
-
Navigate to Admin > API Tokens
- Locate the compromised token in the list
- Click the "Revoke" button next to the token
- Generate a new token if needed, with appropriate permissions
- Update any legitimate applications or services that were using the revoked
token
- Review access logs to determine the scope of potential compromise
- Consider implementing more restrictive token permissions using role-based
access controls