Skip to content

Elastic API Key

Service Name: Elastic

Service Description: Elastic is a search and analytics company that offers a suite of products including Elasticsearch, Kibana, Beats, and Logstash, collectively known as the Elastic Stack (formerly ELK Stack). These tools are used for search, logging, security, and analytics purposes.

Service Address: https://www.elastic.co/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Elasticsearch APIs and resources based on the permissions assigned to the API key.

Secret Revokement URL: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-api-key.html

Secret Example: AAEAAWVsYXN0aWMva2liYW5hL3Rva2VuMTpkZWZhdWx0X2FkbWluOjEyMzQ1Njc4OTBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eg==

Suspicious Activity Investigation Instructions:

  • Check Elasticsearch audit logs for unauthorized API calls or unusual access patterns
  • Review access logs for suspicious IP addresses or locations
  • Examine resource usage for unusual spikes that might indicate abuse
  • Check for unauthorized index creation or data access
  • Monitor for unusual search patterns or high-volume queries

Mitigation Instructions:

  • Immediately invalidate the compromised API key using the Elasticsearch API
  • Create a new API key with appropriate permissions
  • Review and update access control policies
  • Implement IP-based restrictions if possible
  • Consider implementing shorter expiration times for API keys
  • Audit all actions performed with the compromised key