Skip to content

Azure Application Insights API Key

Service Name: Azure Application Insights

Service Description: Azure Application Insights is an extensible Application Performance Management (APM) service for developers and DevOps professionals. It's used to monitor live applications, automatically detect performance anomalies, and includes powerful analytics tools to help diagnose issues and understand what users actually do with your app.

Service Address: https://azure.microsoft.com/en-us/services/monitor/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Azure resource level using Network Security Groups or Private Link.

Secret Access Scope: Grants programmatic access to query Application Insights data, create and manage alerts, and access telemetry data depending on the key type (read-only or full access).

Secret Revokement URL: https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/microsoft.insights%2Fcomponents

Secret Example: 2xgzadgj7ukl9bpqe0oih6s8wt4ravlv1mnop5dr

Suspicious Activity Investigation Instructions:

  • Review Azure Activity logs for unusual API calls or access patterns.
  • Check for unexpected query volume or data extraction activities.
  • Monitor for unauthorized access from unfamiliar IP addresses.
  • Examine the types of queries being executed against your Application Insights resources.
  • Review resource utilization metrics for unusual spikes in usage.

Mitigation Instructions:

  • Navigate to the Azure Portal and locate your Application Insights resource.
  • Go to the "API Access" section in the left menu.
  • Locate the compromised API key and click "Delete".
  • Create a new API key with appropriate permissions if needed.
  • Update all legitimate applications and services to use the new key.
  • Consider implementing IP restrictions for API access if possible.
  • Enable Azure Defender for additional security monitoring.
  • Review and update access policies to follow the Principle of Least Privilege.