New Relic API Key
Service Name: New Relic
Service Description: New Relic is an observability platform that helps engineers plan, build, deploy, and run software. It provides application performance monitoring, infrastructure monitoring, digital experience monitoring, and applied intelligence capabilities.
Service Address: https://newrelic.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through New Relic's API key management.
Secret Access Scope: Grants programmatic access to New Relic's APIs, allowing for data querying, configuration management, and integration with New Relic's monitoring and observability services.
Secret Revokement URL: https://one.newrelic.com/launcher/api-keys-ui.api-keys-launcher
Secret Example: NRAK-3XXXXXXXXXXXXXXXXXXXXXXXXX
Suspicious Activity Investigation Instructions:
- Review the New Relic audit logs for unusual API calls or data access patterns
- Check for unexpected changes to alert configurations, dashboards, or monitoring settings
- Monitor for unusual data queries or high volumes of API requests
- Verify if the API key was used from unusual geographic locations or IP addresses
- Review any integrations or third-party services that might be using the API key
Mitigation Instructions:
- Log in to your New Relic account and navigate to the API keys page
- Locate the compromised API key in the list
- Click on the "Delete" button next to the compromised key
- Confirm the deletion when prompted
- Create a new API key with appropriate permissions to replace the compromised
one
- Update all legitimate applications and services to use the new API key
- Review and update your API key rotation policies
- Consider implementing more granular API key permissions using User Keys
instead of Admin Keys where possible