Generic Secret Enricher Categories Reference
The Generic Secret Enricher (GSE) uses machine learning to analyze the context around generic secrets and automatically classify them into categories. This classification helps you prioritize remediation efforts by understanding the potential impact and criticality of each incident.
This feature is specifically designed for generic incidents that couldn't be matched to a specific detector. The GSE analyzes the surrounding context to provide category insights that help with prioritization and remediation.
How GSE Categories Help with Remediation
Understanding GSE categories helps you:
- Prioritize critical infrastructure secrets (Cloud providers, Databases, etc.)
- Focus on high-impact services (Payment systems, Identity providers, etc.)
- Identify secrets that could affect business operations (Messaging systems, E-commerce platforms, etc.)
- Streamline remediation workflows by grouping similar types of secrets
- Apply appropriate security policies based on the service type
Categories Reference
AI
What it includes: API keys and tokens for artificial intelligence and machine learning services.
Examples: OpenAI, Anthropic, Hugging Face, Cohere, DeepSeek, Mistral AI, Azure OpenAI
Why it matters: AI services can be expensive to abuse and may contain sensitive data or model access. Leaked AI tokens could lead to:
- Unauthorized API usage and billing
- Access to proprietary models or training data
- Potential data exfiltration through AI services
CDN
What it includes: Content Delivery Network services and edge computing platforms.
Examples: Cloudflare, Fastly, Amazon CloudFront, Akamai, Bunny.net
Why it matters: CDN credentials can impact website performance, security configurations, and content delivery. Compromise could lead to:
- Website defacement or content manipulation
- DDoS protection bypass
- SSL/TLS certificate compromise
CI/CD
What it includes: Continuous Integration and Continuous Deployment pipeline credentials.
Examples: CircleCI, BuildKite, LaunchDarkly, Jenkins, GitLab CI
Why it matters: CI/CD credentials provide access to deployment pipelines and can impact entire development workflows. Compromise could lead to:
- Unauthorized code deployments
- Supply chain attacks
- Access to production environments
- Source code exposure
Cloud Provider
What it includes: Major cloud infrastructure provider credentials.
Examples: Amazon AWS, Microsoft Azure, Google Cloud, DigitalOcean, Terraform, OVH
Why it matters: Cloud provider credentials often have broad access to infrastructure resources. Compromise could lead to:
- Data breaches
- Resource manipulation or deletion
- Cryptocurrency mining
- Service disruption
- High billing costs
Code Analysis
What it includes: Code quality, security scanning, and analysis platform credentials.
Examples: SonarQube, Code Climate, Codacy, Snyk, Sourcegraph
Why it matters: These tools often have access to source code and security findings. Compromise could lead to:
- Source code exposure
- Security vulnerability information disclosure
- Manipulation of security reports
Collaboration Tool
What it includes: Team collaboration, project management, and productivity platform credentials.
Examples: Asana, Trello, Notion, Contentful, Netlify, Atlassian
Why it matters: Collaboration tools contain business information and team communications. Compromise could lead to:
- Sensitive business information exposure
- Project manipulation
- Unauthorized access to team communications
CRM
What it includes: Customer Relationship Management system credentials.
Examples: Salesforce, HubSpot, Freshdesk, Zendesk
Why it matters: CRM systems contain sensitive customer data and business information. Compromise could lead to:
- Customer data breaches
- Privacy regulation violations (GDPR, CCPA)
- Competitive intelligence exposure
- Customer relationship damage
Cryptos
What it includes: Cryptocurrency exchange and blockchain service credentials.
Examples: Coinbase, Bitfinex, Kraken, various blockchain APIs
Why it matters: Cryptocurrency credentials can provide direct access to financial assets. Compromise could lead to:
- Direct financial theft
- Unauthorized trading
- Wallet compromise
Data Storage
What it includes: Database systems, cloud storage, and data management service credentials.
Examples: PostgreSQL, MySQL, MongoDB, Redis, Amazon S3, Supabase, PlanetScale
Why it matters: Data storage credentials provide access to potentially sensitive business and customer data. Compromise could lead to:
- Data breaches
- Data manipulation or deletion
- Privacy regulation violations
- Business disruption
E-commerce
What it includes: Online commerce platform and marketplace credentials.
Examples: Shopify, Webflow, Etsy, various e-commerce APIs
Why it matters: E-commerce credentials can affect online sales and customer experience. Compromise could lead to:
- Customer data exposure
- Order manipulation
- Payment system compromise
- Revenue impact
Identity Provider
What it includes: Authentication, authorization, and identity management service credentials.
Examples: Auth0, Okta, Microsoft Azure Active Directory, Ping Identity, Keycloak
Why it matters: Identity providers control access to multiple systems and user authentication. Compromise could lead to:
- Unauthorized access to connected systems
- User impersonation
- Single sign-on (SSO) bypass
- Privilege escalation