IBM Cloud Satellite Location Key
Service Name: IBM Cloud Satellite
Service Description: IBM Cloud Satellite is a distributed cloud solution that enables you to run IBM Cloud services anywhere - on-premises, at the edge, or in public clouds. It provides a consistent cloud experience for managing applications across environments.
Service Address: https://cloud.ibm.com/satellite
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through IBM Cloud IAM policies and network access policies.
Secret Access Scope: Grants access to manage and interact with IBM Cloud Satellite locations, which are infrastructure environments where you can run IBM Cloud services.
Secret Revokement URL: https://cloud.ibm.com/docs/satellite?topic=satellite-service-connection&interface=ui#service-connection-delete
Secret Example: satellite-location-key-a1b2c3d4e5f6g7h8i9j0
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls related to Satellite resources.
- Check for unauthorized location creations, modifications, or deletions.
- Monitor for unexpected service deployments or configuration changes within Satellite locations.
- Verify if there are any unusual data transfers or access patterns from unfamiliar IP addresses.
- Review host registration and management activities for signs of compromise.
Mitigation Instructions:
- Immediately rotate the compromised Satellite location key through the IBM Cloud console.
- Navigate to the IBM Cloud dashboard and access the Satellite section.
- Select the affected location and revoke the compromised key.
- Generate a new location key with appropriate permissions.
- Update any legitimate applications or services that were using the previous key.
- Review and strengthen IAM policies for the affected Satellite resources.
- Enable additional monitoring and alerts for Satellite location activities.
- Consider implementing more restrictive network policies to limit access to Satellite resources.