Ghost Inspector API Key
Service Name: Ghost Inspector
Service Description: Ghost Inspector is an automated browser testing and monitoring service that allows users to create, manage, and execute automated tests for websites and web applications. It provides tools for recording browser interactions, scheduling tests, and receiving notifications about test failures.
Service Address: https://ghostinspector.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through the Ghost Inspector dashboard.
Secret Access Scope: Grants programmatic access to the Ghost Inspector API, allowing users to create, manage, and execute tests, as well as retrieve test results and manage other resources within their Ghost Inspector account.
Secret Revokement URL: https://ghostinspector.com/docs/api/authentication/
Secret Example: 5f6e88a3e703c74683f91a3b9c8a9e1234567890
Suspicious Activity Investigation Instructions:
- Review the Ghost Inspector dashboard for unauthorized test executions or modifications.
- Check API logs for unusual API calls or access patterns.
- Monitor for unauthorized test creations or deletions.
- Review test execution history for tests run at unusual times or with unusual frequency.
- Check for changes to notification settings or integrations that might redirect test results.
Mitigation Instructions:
- Log in to your Ghost Inspector account.
- Navigate to Account Settings > API.
- Revoke the compromised API key by clicking the Regenerate button.
- Generate a new API key.
- Update all legitimate applications and services using the API key with the new key.
- Review and update IP restrictions if available.
- Enable two-factor authentication for your Ghost Inspector account if not already enabled.
- Review account activity logs to ensure no unauthorized changes were made.