OpsGenie API Key
Service Name: OpsGenie
Service Description: OpsGenie is an incident management and alerting platform that helps DevOps and IT operations teams manage critical incidents, notify the right people, and streamline on-call schedules and escalations.
Service Address: https://www.atlassian.com/software/opsgenie
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through OpsGenie's IP filtering feature.
Secret Access Scope: Grants programmatic access to OpsGenie's API, allowing management of alerts, incidents, on-call schedules, and integrations.
Secret Revokement URL: https://support.atlassian.com/opsgenie/docs/manage-api-keys/
Secret Example: 123e4567-e89b-12d3-a456-426614174000
Suspicious Activity Investigation Instructions:
- Review OpsGenie audit logs for unusual API calls or activities
- Check for unauthorized alert creations, modifications, or deletions
- Monitor for changes to on-call schedules or escalation policies
- Look for new or modified integrations
- Verify if there are any unexpected team or user permission changes
Mitigation Instructions:
- Log in to your OpsGenie account as an admin
- Navigate to Settings > API Key Management
-
Locate the compromised API key
-
Click "Delete" to revoke the key immediately
- Create a new API key with appropriate permissions if needed
- Update all legitimate applications and services with the new API key
- Review and update IP filtering settings to restrict API access to trusted IP
addresses
- Consider implementing role-based access control to limit API key permissions