policy/protocols/ssl/expiring-certs.bro

SSL

Generate notices when X.509 certificates over SSL/TLS are expired or going to expire soon based on the date and time values stored within the certificate.

Namespace:SSL
Imports:base/files/x509, base/frameworks/notice, base/protocols/ssl, base/utils/directions-and-hosts.bro
Source File:/scripts/policy/protocols/ssl/expiring-certs.bro

Summary

Runtime Options

SSL::notify_certs_expiration: Host &redef The category of hosts you would like to be notified about which have certificates that are going to be expiring soon.
SSL::notify_when_cert_expiring_in: interval &redef The time before a certificate is going to expire that you would like to start receiving SSL::Certificate_Expires_Soon notices.

Redefinitions

Notice::Type: enum  

Detailed Interface

Runtime Options

SSL::notify_certs_expiration
Type:Host
Attributes:&redef
Default:LOCAL_HOSTS

The category of hosts you would like to be notified about which have certificates that are going to be expiring soon. By default, these notices will be suppressed by the notice framework for 1 day after a particular certificate has had a notice generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS

SSL::notify_when_cert_expiring_in
Type:interval
Attributes:&redef
Default:30.0 days

The time before a certificate is going to expire that you would like to start receiving SSL::Certificate_Expires_Soon notices.

Copyright 2016, The Bro Project. Last updated on January 10, 2019. Created using Sphinx 1.7.5.