Looker Service Account JSON
Service Name: Looker
Service Description: Looker is a business intelligence software and big data analytics platform that helps organizations explore, analyze and share real-time business analytics. It connects directly to databases to provide data visualization and exploration capabilities.
Service Address: https://looker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Looker instance level through network access controls and allowlists.
Secret Access Scope: Grants programmatic access to Looker API with permissions defined in the service account. Can access data models, run queries, manage users, and perform administrative actions depending on the permissions assigned.
Secret Revokement URL: https://docs.looker.com/admin-options/settings/users#managing_api_keys
Secret Example:
{
"client_id": "abcdef1234567890abcdef",
"client_secret": "abcdef1234567890abcdef1234567890abcdef12",
"api_url": "https://company.cloud.looker.com:19999/api/3.1",
"verification_mode": "default"
}
Suspicious Activity Investigation Instructions:
- Review Looker admin logs for unusual API calls or data access patterns.
- Check for unexpected query executions or data exports.
- Monitor for unauthorized dashboard or Look creations.
- Verify if there are any new scheduled deliveries or data alerts
- Examine user activity logs for actions performed using the service account
- Check for changes to data access policies or model configurations
Mitigation Instructions:
- Log into your Looker instance as an administrator
- Navigate to Admin > Users
- Locate the service account user
- Click on the Edit API Keys button
- Delete the compromised API key
- Generate a new API key if needed
- Update any legitimate applications using the previous credentials
- Consider implementing IP restrictions for API access
- Review and potentially limit the permissions assigned to the service account
- Enable audit logging to monitor future API usage