Skip to content

Elastic Cloud Credentials

Service Name: Elastic Cloud

Service Description: Elastic Cloud is a fully managed service that offers Elasticsearch and Kibana as a service. It provides a scalable, resilient, and secure way to deploy, operate, and scale Elasticsearch clusters in the cloud.

Service Address: https://cloud.elastic.co/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the deployment level through network settings and security rules.

Secret Access Scope: Grants programmatic access to manage Elastic Cloud deployments, including creating, modifying, and deleting Elasticsearch clusters, as well as accessing deployment information.

Secret Revokement URL: https://cloud.elastic.co/account/keys

Secret Example: ec_api_key_1a2b3c4d5e6f7g8h9i0j_abcdefghijklmnopqrstuvwxyz123456789

Suspicious Activity Investigation Instructions:

  • Review the Elastic Cloud audit logs for unusual API calls or deployment modifications.
  • Check for unauthorized deployments or modifications to existing deployments.
  • Monitor for unusual access patterns or access from unexpected locations.
  • Verify if there are any unexpected changes to deployment configurations or security settings.
  • Check for unauthorized user access or role changes within the Elastic Cloud console.

Mitigation Instructions:

  • Log in to the Elastic Cloud console at https://cloud.elastic.co/.
  • Navigate to the Account section.
  • Select the API Keys tab.
  • Locate the compromised API key.
  • Select the Delete button next to the compromised key.
  • Create a new API key with appropriate permissions if needed.
  • Update any applications or services that were using the old key.
  • Review deployment security settings and ensure proper access controls are in place.
  • Consider enabling IP filtering for API access if available.
  • Review and update security policies to prevent future credential exposure.