This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

help with Query

Posted on 12-16-2024 02:40 AM
rahul7514
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi
I wish to create an alert based on certificate expiry in windows ? 
Can some one help me how i can fetch this logs and also under which event type i can see the certifiacate expiry date ?

0 1 183
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
rajukg
Staff
Reply posted on --/--/---- --:-- AM

Even though I don't know the specifics for Windows logs ( you may look into System event ids 36871, 36881 etc) you will check this condition in the Rules:

// Example: Match if the certificate has been expired for more than 24h

86400 < timestamp.current_seconds() - $e.network.tls.certificate.not_after

Top Solution Authors
View all