Skip to content

Keen IO Master Key

Service Name: Keen IO

Service Description: Keen IO is a cloud analytics platform that allows developers to collect, analyze, and visualize events from their applications. It provides APIs for event data collection, analysis, and visualization capabilities.

Service Address: https://keen.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level through the Keen IO dashboard.

Secret Access Scope: Grants full access to a Keen IO project, including the ability to read and write data, create queries, and manage project settings.

Secret Revokement URL: https://keen.io/dashboard/[PROJECT_ID]/settings

Secret Example: a8b4c7e9f1d3a5b7c9e1f3a5d7b9c1e3f5a7b9c1e3f5a7b9

Suspicious Activity Investigation Instructions:

  • Review the Keen IO dashboard for unusual query patterns or data access.
  • Check for unexpected data exports or large volumes of queries.
  • Monitor for unauthorized project changes or settings modifications.
  • Examine API logs for requests from unfamiliar IP addresses or locations.
  • Look for unusual spikes in API usage or data consumption.

Mitigation Instructions:

  • Log in to your Keen IO dashboard.
  • Navigate to your project settings.
  • Locate the API Keys section.
  • Revoke the compromised master key.
  • Generate a new master key.
  • Update all legitimate applications and services with the new key.
  • Consider implementing scoped keys with limited permissions instead of using the master key.
  • Review and update access controls for your Keen IO project.
  • Enable additional security features like IP restrictions if available.