After some help. Is there any way to get this to use a custom port for the 2 server that use a non 443 port?
| makeresults
| eval dest="url1,url2,url3", dest = split (dest,",")
| mvexpand dest
| lookup sslcert_lookup dest OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)
| table ssl_subject_common_name ssl_subject_alt_name days_left ssl_issuer_common_name
| sort days_left
I tried adding the port to the first eval e.g.
| eval dest="url1,url2,url3", dest_port=8443 , dest = split (dest,",")
Would be great if both the standard and custom could be returned together.
Figured it out.
| makeresults
| eval dest="url1,url2,url3", dest_port=8443, dest = split (dest,",")
| mvexpand dest
| `sslcert(dest, dest_port)`
| lookup sslcert_lookup dest, dest_port OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)
| table ssl_subject_common_name ssl_subject_alt_name days_left
| sort days_left