policy/protocols/ssl/expiring-certs.zeek¶
-
SSL
¶
Generate notices when X.509 certificates over SSL/TLS are expired or going to expire soon based on the date and time values stored within the certificate.
Namespace: | SSL |
---|---|
Imports: | base/files/x509, base/frameworks/notice, base/protocols/ssl, base/utils/directions-and-hosts.zeek |
Summary¶
Runtime Options¶
SSL::notify_certs_expiration : Host &redef |
The category of hosts you would like to be notified about which have certificates that are going to be expiring soon. |
SSL::notify_when_cert_expiring_in : interval &redef |
The time before a certificate is going to expire that you would like
to start receiving SSL::Certificate_Expires_Soon notices. |
Redefinitions¶
Notice::Type : enum |
Detailed Interface¶
Runtime Options¶
-
SSL::notify_certs_expiration
¶ Type: Host
Attributes: &redef
Default: LOCAL_HOSTS
The category of hosts you would like to be notified about which have certificates that are going to be expiring soon. By default, these notices will be suppressed by the notice framework for 1 day after a particular certificate has had a notice generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
-
SSL::notify_when_cert_expiring_in
¶ Type: interval
Attributes: &redef
Default: 30.0 days
The time before a certificate is going to expire that you would like to start receiving
SSL::Certificate_Expires_Soon
notices.