RabbitMQ Connection String
Service Name: RabbitMQ
Service Description: RabbitMQ is an open-source message broker software that implements the Advanced Message Queuing Protocol (AMQP). It acts as a middleman for various services, enabling them to communicate and exchange information through a standardized interface.
Service Address: https://www.rabbitmq.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the RabbitMQ server level using firewall rules or RabbitMQ's built-in access control mechanisms.
Secret Access Scope: Grants access to RabbitMQ message broker services, allowing applications to publish and consume messages, manage exchanges, queues, and bindings.
Secret Revokement URL: https://www.rabbitmq.com/access-control.html
Secret Example: amqp://username:password@host:5672/vhost
Suspicious Activity Investigation Instructions:
- Review RabbitMQ server logs for unusual connection attempts or message patterns
- Check for unexpected high message throughput or queue creation
- Monitor for connections from unusual IP addresses or locations
- Examine management console for unauthorized user activity
- Verify if there are any newly created users or modified permissions
Mitigation Instructions:
- Change the password for the affected user in the RabbitMQ management
console
- Revoke and regenerate any compromised credentials
- Update connection strings in all legitimate applications
- Consider implementing IP-based restrictions for RabbitMQ access
- Enable TLS for all RabbitMQ connections if not already in use
- Review and restrict user permissions to only what is necessary
- Implement monitoring for suspicious connection patterns