Looker API Secret
Service Name: Looker
Service Description: Looker is a business intelligence software and big data analytics platform that helps companies explore, analyze and share real-time business analytics easily. It connects directly to databases to provide real-time insights through visualizations and dashboards.
Service Address: https://looker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Looker instance level through allowlists in the admin settings.
Secret Access Scope: Grants programmatic access to Looker API, allowing users to query data, manage users, create and modify content, and access other Looker resources based on the user's permissions.
Secret Revokement URL: https://docs.looker.com/admin-options/settings/users#api_keys
Secret Example: 58sd7f9sd7f9sd7f9sd7f9sd7f9sd7f9sd7f
Suspicious Activity Investigation Instructions:
- Review Looker audit logs for unusual API calls or data access patterns
- Check for unexpected dashboard or Look creations or modifications
- Monitor for unusual data exports or downloads
- Verify if there are any new scheduled deliveries or data alerts
- Examine user activity logs for suspicious login times or locations
- Check for changes to user permissions or roles
Mitigation Instructions:
- Log in to your Looker instance as an admin
- Navigate to Admin > Users
- Find the affected user account
- Click on the Edit button for the user
- Scroll to the API Keys section
- Click "Revoke" next to the compromised API key
- Generate a new API key if needed
- Consider implementing IP restrictions for API access
- Review and adjust user permissions to follow the principle of least privilege
- Update any applications or scripts using the old API key with the new one