Skip to content

IBM Spectrum Protect Plus Key

Service Name: IBM Spectrum Protect Plus

Service Description: IBM Spectrum Protect Plus is an enterprise data protection solution that provides backup, recovery, replication, and reuse for virtual machines, databases, applications, file systems, SaaS workloads, and containers.

Service Address: https://www.ibm.com/products/spectrum-protect-plus

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the server level through IBM Spectrum Protect Plus administrative settings.

Secret Access Scope: Grants programmatic access to IBM Spectrum Protect Plus APIs for backup management, recovery operations, and administrative functions.

Secret Revokement URL: https://www.ibm.com/docs/en/spectrum-protect-plus/10.1.8?topic=administering-managing-user-access

Secret Example: SPP-API-b8f62c4e-7a5d-4893-9d1f-e8a7c3b5f912

Suspicious Activity Investigation Instructions:

  • Review the audit logs in the IBM Spectrum Protect Plus management console for unauthorized access or operations.
  • Check for unusual backup or restore operations that weren't scheduled or approved.
  • Monitor for unexpected changes to backup policies, schedules, or retention settings.
  • Verify if there have been any unauthorized data access or export operations.
  • Examine system logs for connections from unusual IP addresses or outside normal business hours.

Mitigation Instructions:

  • Log in to the IBM Spectrum Protect Plus administrative console.
  • Navigate to the "Configuration" > "User Management" section.
  • Locate the affected API key or user account.
  • Revoke or delete the compromised API key.
  • Generate a new API key if needed for legitimate services.
  • Update any applications or scripts that use the API key with the new credentials.
  • Consider implementing more restrictive access controls and IP restrictions.
  • Review and update your security policies for API key management.