Looker Embed Secret
Service Name: Looker (Google Cloud)
Service Description: Looker is a business intelligence software and big data analytics platform that helps organizations explore, analyze, and share real-time business analytics. It allows users to create and share dashboards, reports, and visualizations based on their data.
Service Address: https://looker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Looker instance level through allowlisting specific IP addresses or ranges.
Secret Access Scope: Looker embed secrets grant access to embed Looker dashboards, looks, and explores into third-party applications. These secrets allow for secure embedding of Looker content with specific user permissions.
Secret Revokement URL: https://docs.looker.com/admin-options/settings/embed
Secret Example: abcdef123456789ghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ
Suspicious Activity Investigation Instructions:
- Review Looker admin logs for unusual embedding activity or unauthorized access attempts
- Check for unexpected embedded content appearing in applications
- Monitor for unusual traffic patterns to embedded Looker content
- Review user activity logs for any suspicious actions related to embedded content
- Check for unauthorized changes to embed settings or permissions
Mitigation Instructions:
- Log in to your Looker instance as an administrator
- Navigate to Admin > Embed in the Looker interface
- Locate the compromised embed secret
- Click "Disable" to immediately revoke access for the secret
- Generate a new embed secret if needed for legitimate use cases
- Update any legitimate applications with the new embed secret
- Review and restrict embed domains to only authorized websites
- Consider implementing additional IP restrictions for embed access
- Audit all embed usage and permissions to ensure proper configuration