Solved: Splunk & Microsoft Certificate Authority

peasead · ‎05-24-2012

Has anyone used Splunk to monitor Microsoft CA's?

Maybe not an application, but has anyone researched which Event ID's mean a certificate is expiring in x days.

I have looked at the MS documentation on the Event ID's, but I wanted to know what kind of success anyone had had.

JBarkerMox · ‎05-24-2012

This is how I am doing it.
index="foo" EventCode="64" Message="is about to expire or already expired"

I think the CA default is 7 days when it starts firing this event.

View solution in original post

JBarkerMox · ‎05-24-2012

This is how I am doing it.
index="foo" EventCode="64" Message="is about to expire or already expired"

I think the CA default is 7 days when it starts firing this event.

thambisetty · ‎03-24-2020

Hi,

The events are part of windows server roles where there is not path showing up for evtx. I would like to know how did you integrate those events to Splunk.

————————————
If this helps, give a like below.

Splunk & Microsoft Certificate Authority

other

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?