Hi
I wish to create an alert based on certificate expiry in windows ?
Can some one help me how i can fetch this logs and also under which event type i can see the certifiacate expiry date ?
help with Query
+10- Bronze 2
+6Even though I don't know the specifics for Windows logs ( you may look into System event ids 36871, 36881 etc) you will check this condition in the Rules:
// Example: Match if the certificate has been expired for more than 24h
86400 < timestamp.current_seconds() - $e.network.tls.certificate.not_after
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.