LogDNA Ingestion Key
Service Name: LogDNA (now Mezmo)
Service Description: LogDNA (rebranded as Mezmo) is a log management platform that helps organizations collect, analyze, and monitor logs from various sources in real-time. It provides powerful search capabilities, customizable dashboards, and alerting features to help teams troubleshoot issues and gain insights from their log data.
Service Address: https://www.mezmo.com/ (formerly logdna.com)
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the LogDNA web interface.
Secret Access Scope: Grants the ability to ingest logs into a specific LogDNA account. Ingestion keys allow applications and systems to send log data to LogDNA but do not provide access to view or manage logs.
Secret Revokement URL: https://app.logdna.com/manage/api-keys
Secret Example: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p
Suspicious Activity Investigation Instructions:
- Review the LogDNA dashboard for unusual log volume spikes or unexpected sources.
- Check for logs being sent from unfamiliar IP addresses or hostnames.
- Examine the LogDNA usage metrics for abnormal ingestion patterns.
- Review the "Sources" section in LogDNA to identify any unauthorized systems sending logs.
- Check for any unauthorized applications or services that might be using the ingestion key.
Mitigation Instructions:
- Log in to your LogDNA/Mezmo account at https://app.logdna.com/.
- Navigate to Settings > Organization > API Keys.
- Locate the compromised ingestion key.
- Click the trash icon next to the key to delete it.
- Generate a new ingestion key if needed.
- Update all legitimate applications and systems with the new ingestion key.
- Consider implementing IP restrictions for your ingestion keys if available.
- Review and update your secret management practices to prevent future exposures.