New Relic APM License Key
Service Name: New Relic
Service Description: New Relic is an observability platform that helps engineers plan, build, deploy, and run great software. It provides application performance monitoring (APM), infrastructure monitoring, digital experience monitoring, and other observability tools.
Service Address: https://newrelic.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through New Relic's security settings.
Secret Access Scope: New Relic APM License Keys grant access to report data to New Relic's APM service. They allow applications to send performance metrics, events, logs, and traces to the New Relic platform.
Secret Revokement URL: https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#manage-keys
Secret Example: 0123456789abcdef0123456789abcdef0123456
Suspicious Activity Investigation Instructions:
- Review the New Relic account for unusual application registrations or unexpected data sources
- Check for abnormal data reporting patterns or volumes in the New Relic dashboard
- Examine application logs for unauthorized deployments using the license key
- Monitor for unexpected spikes in API usage or data ingest
- Review the New Relic audit logs for suspicious administrative actions
Mitigation Instructions:
- Log in to your New Relic account and navigate to the API keys management
page
- Identify the compromised license key and delete it
- Generate a new license key to replace the compromised one
- Update all legitimate applications with the new license key
- Review and update your secret management practices to prevent future
exposures
- Consider implementing New Relic's user management controls to limit access to
license keys
- Monitor your application for any residual unauthorized reporting attempts