Datadog API Key
Service Name: Datadog
Service Description: Datadog is a monitoring and analytics platform for cloud-scale applications. It provides full-stack observability by bringing together infrastructure metrics, application traces, logs, and user experience monitoring in one unified platform.
Service Address: https://www.datadoghq.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level in Datadog. You can restrict access to the Datadog API and web UI by IP address.
Secret Access Scope: Datadog API keys grant programmatic access to Datadog's API endpoints, allowing for monitoring, reporting, and configuration management of Datadog resources.
Secret Revokement URL: https://app.datadoghq.com/organization-settings/api-keys
Secret Example: d4t4d0g1234567890abcdef1234567890
Suspicious Activity Investigation Instructions:
- Review the Datadog audit logs for unusual API calls or configuration changes.
- Check for unexpected dashboards, monitors, or integrations created in your Datadog account.
- Look for unusual data collection patterns or unexpected spikes in API usage.
- Verify if the API key was used from unusual geographic locations or IP addresses.
- Review the list of active API keys in your Datadog organization settings.
Mitigation Instructions:
-
Log in to your Datadog account and navigate to Organization Settings > API Keys.
-
Locate the compromised API key in the list.
- Click on the "Disable" button next to the key to immediately revoke access.
-
Create a new API key with appropriate permissions to replace the compromised one.
-
Update all legitimate applications and services to use the new API key.
- Consider implementing IP restrictions for your Datadog API keys.
- Review and update your secret management practices to prevent future exposures.