Hi,
I wish to create an alert based on certificate expiry in Windows.
Can someone help me with how I can fetch these logs, and also under which event type I can see the certificate expiry date?

Even though I don't know the specifics for Windows logs (you may look into System event IDs 36871, 36881, etc.), you will check this condition in the Rules:

// Example: Match if the certificate has been expired for more than 24h
86400 < timestamp.current_seconds() - $e.network.tls.certificate.not_after


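One way to get certificate expiry data into the Windows event log so an alert rule has something to match, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 running elevated; the event source name `CertExpiryMonitor`, event IDs 9001/9002 and the 30-day warning window are hypothetical choices, not Windows defaults.

```powershell
# Added example (not from the thread). Requires Windows PowerShell 5.1, elevated.
# Hypothetical values: source name, event IDs 9001/9002, 30-day warning window.
$Source     = 'CertExpiryMonitor'
$WarnDays   = 30
$GraceHours = 24      # mirrors the "expired for more than 24h" condition in the answer
$Now        = Get-Date

# Register the custom event source once; this is the step that needs admin rights.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

# Classify every certificate in the machine's personal store by time left.
$findings = foreach ($cert in Get-ChildItem -Path 'Cert:\LocalMachine\My') {
    $remaining = $cert.NotAfter - $Now
    $state = $null
    if ($remaining.TotalHours -lt (-$GraceHours)) {
        $state = 'ExpiredOver24h'
    } elseif ($remaining.TotalSeconds -lt 0) {
        $state = 'Expired'
    } elseif ($remaining.TotalDays -le $WarnDays) {
        $state = 'ExpiringSoon'
    }
    if ($state) {
        [pscustomobject]@{
            State         = $state
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfterUtc   = $cert.NotAfter.ToUniversalTime().ToString('o')
            DaysRemaining = [math]::Round($remaining.TotalDays, 1)
        }
    }
}

# One event per finding, with a JSON body that a log collector can parse.
foreach ($f in $findings) {
    $expiring = $f.State -eq 'ExpiringSoon'
    $eventId  = if ($expiring) { 9001 } else { 9002 }
    $type     = if ($expiring) { 'Warning' } else { 'Error' }
    Write-EventLog -LogName Application -Source $Source -EventId $eventId `
        -EntryType $type -Message ($f | ConvertTo-Json -Compress)
}

$findings | Sort-Object DaysRemaining | Format-Table -AutoSize
```

Run it as a daily scheduled task; whatever already forwards the Application log will pick up the events, and the alert can key on the two event IDs.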