Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to view expired server certificates in the Splunk App for Enterprise Security 3.3?

eljaybee
Engager
‎06-08-2015 03:25 PM

I'm trying to view my server certificates via the Splunk Enterprise Security App 3.3. I asked to set it up in the app to monitor the expiration of certs. I have several servers forwarding data via the universal forwarder. How can I accomplish this?

Reply

mdessus_splunk
Splunk Employee
Splunk Employee
‎06-24-2015 02:51 PM

You might either index your certificates and add a command to check the expiration date or run a command on the fwd (may be with openssl) that will check once a day (for ex.) what is your certificate expiration date.

You might also have a look to the dashboard SSL Activity (in Protocol intelligence), to look what is done there, but the source is the SSL flows collected by Stream.

Does it makes sense ?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...