Tableau API Token
Service Name: Tableau
Service Description: Tableau is a visual analytics platform that helps people see and understand data. It offers interactive data visualization software focused on business intelligence.
Service Address: https://www.tableau.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the site level through Tableau Server's trusted authentication and IP safe lists.
Secret Access Scope: Grants programmatic access to Tableau REST API, allowing users to manage and interact with Tableau Server resources including workbooks, data sources, users, and sites.
Secret Revokement URL: https://help.tableau.com/current/server/en-us/security_personal_access_tokens.htm
Secret Example: T0k3n_1AbCd2EfGh3IjKl4MnOp5QrSt6UvWx7YzA8BbCc9DdEe0FfGg1HhIi2JjKk
Suspicious Activity Investigation Instructions:
- Review Tableau Server's administrative views for unusual access patterns
- Check the Tableau Server logs for API calls made with the token
- Monitor for unauthorized content creation, modification, or deletion
- Examine any scheduled extract refreshes or subscriptions created through the API
- Verify if there are any permission changes made to workbooks or data sources
Mitigation Instructions:
- Log in to Tableau Server as an administrator
- Navigate to the user's profile settings
- Select the "Settings" tab
- Locate the "Personal Access Tokens" section
- Find the compromised token and click "Delete"
- Create a new token if needed with appropriate permissions
- Update any legitimate applications or scripts to use the new token
- Consider implementing more restrictive token permissions for future tokens