Kafka Connection String
Service Name: Apache Kafka
Service Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of events a day. Initially conceived as a messaging queue, Kafka is based on an abstraction of a distributed commit log.
Service Address: https://kafka.apache.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the broker level using network ACLs or security groups depending on deployment environment.
Secret Access Scope: Grants access to Kafka clusters, topics, and the ability to produce and consume messages.
Secret Revokement URL: Does not exist (managed through broker configuration)
Secret Example: kafka://user:password@hostname:9092/topic
Suspicious Activity Investigation Instructions:
- Review Kafka broker logs for unusual connection patterns or authentication failures
- Check consumer group offsets for unexpected changes or unusual consumption patterns
- Monitor for abnormal message production rates or sizes
- Examine topic access patterns for unauthorized access attempts
- Review any audit logs if enabled in your Kafka deployment
- Check for unusual topic creation or deletion activities
Mitigation Instructions:
-
Rotate the credentials in the connection string immediately
-
Update all applications using the compromised connection string
- Enable or review ACL permissions for the affected users
- Consider implementing TLS for encrypted connections if not already in use
- Implement IP-based restrictions at the broker level if possible
- Review and update authentication mechanisms (SASL, OAuth, etc.)
- Consider implementing a secrets management solution to avoid hardcoding
connection strings
- Enable audit logging for better visibility into access patterns