
Splunk & Microsoft Certificate Authority

Path Finder

Has anyone used Splunk to monitor Microsoft CAs?

Maybe not an application, but has anyone researched which Event IDs mean a certificate is expiring in x days?

I have looked at the MS documentation on the Event IDs, but I wanted to know what kind of success anyone had had.


Re: Splunk & Microsoft Certificate Authority

Explorer

This is how I am doing it.
index="foo" EventCode="64" Message="is about to expire or already expired"

I think the CA default is 7 days when it starts firing this event.

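An added example, not part of the original post: the same search extended to report which certificate on which host is raising the event and for how long it has been firing. It assumes the event text has the form "... Thumbprint <hex> is about to expire or already expired" and that the text is extracted into the Message field; the index name "foo" is the placeholder from the post.

```spl
index="foo" EventCode=64 "is about to expire or already expired"
| rex field=Message "(?i)thumbprint\s+(?<thumbprint>[0-9a-f ]+?)\s+is about to expire"
| eval thumbprint=upper(replace(thumbprint, "\s", ""))
| stats count AS events, earliest(_time) AS first_seen, latest(_time) AS last_seen BY host, thumbprint
| eval days_alerting=round((last_seen - first_seen) / 86400, 1)
| convert ctime(first_seen) ctime(last_seen)
| sort - days_alerting
```

Rows with a large days_alerting value are certificates that kept raising the event without being renewed; events where the thumbprint pattern does not match are dropped by the stats grouping, so check the rex against a raw event first.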


Re: Splunk & Microsoft Certificate Authority

Motivator

Hi,

The events are part of Windows Server roles, where there is no path showing up for the evtx. I would like to know how you integrated those events into Splunk.
