Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

PKI and Splunk

itsmevic
Communicator
‎01-08-2020 07:18 AM

Hey there fellow Splunkers, can Splunk be used to help manage PKI? If so, in what ways?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎01-08-2020 11:07 AM

bring the PKI software data to splunk
alert on expiring keys
automate keys replacement if you wish ...
seen it done many times

View solution in original post

0 Karma
Reply
Solved! Jump to solution

itsmevic
Communicator
‎01-08-2020 12:05 PM

Is there a way to pull this data without PKI software implemented? For example, through a log source which might indicate when a certificate is about to expire?

0 Karma
Reply
Solved! Jump to solution

efavreau
Motivator
‎02-28-2020 04:00 PM

Yes. All certs can be interpreted as a series of properties (expiration is one cert property). Common command line tools can query the certs store/wallet/etc. on a daily schedule, and then send that output to a log source (syslog, windows event log, etc.), where Splunk is already picking up the logs.

1) query for gaps between number of certs expected in a day and number received. If the number is off, either a system isn't reporting in, or it's decommissioned, etc.. Splunk alert on it will help you before it's too late. This will make sure your process doesn't accidentally miss a host that was offline for a while.

2) create Splunk reports/dashboards on cert properties for what you need

Lost still? Here's a couple additional pointers for querying certs. This and a few minutes in a search engine should get you going:
https://stackoverflow.com/questions/21297853/how-to-determine-ssl-cert-expiration-date-from-a-pem-en...
https://devblogs.microsoft.com/scripting/use-powershell-to-find-certificates-that-are-about-to-expir...

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎01-08-2020 11:07 AM

bring the PKI software data to splunk
alert on expiring keys
automate keys replacement if you wish ...
seen it done many times

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...