IBM Watson Speech to Text Key
Service Name: IBM Watson Speech to Text
Service Description: IBM Watson Speech to Text is a cloud service that enables you to convert spoken audio into written text. It uses machine learning to combine information about grammar and language structure to generate accurate transcriptions.
Service Address: https://www.ibm.com/cloud/watson-speech-to-text
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the IBM Cloud account level using network access policies.
Secret Access Scope: Grants programmatic access to IBM Watson Speech to Text service, allowing audio transcription and model customization.
Secret Revokement URL: https://cloud.ibm.com/iam/apikeys
Secret Example: AbCd1234EfGh5678IjKl9012MnOp3456QrSt7890UvWx
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls or usage patterns.
- Check for unexpected spikes in service usage or billing.
- Monitor for unauthorized access from unfamiliar IP addresses or locations.
- Examine API call patterns for unusual transcription requests or model modifications.
- Review any custom models that may have been created or modified without authorization.
Mitigation Instructions:
-
Log in to the IBM Cloud console at https://cloud.ibm.com.
-
Navigate to Manage > Access (IAM) > API keys.
- Locate the compromised API key in the list.
- Click the "Actions" menu (three dots) next to the key and select "Delete".
- Create a new API key with appropriate access restrictions.
- Update any legitimate applications or services to use the new API key.
- Review and adjust IAM policies to ensure proper access controls.
- Consider implementing IP allowlisting for additional security.