Zeek X509
Zeek x509.log
X.509 certificate info
DigiCert Inc Certificate
{
"@timestamp": "2021-01-18T19:58:25.728Z",
"agent": {
"hostname": "sensor-dev",
"name": "sensor-dev",
"id": "6bf5192e-e2f1-49bb-ab7a-c04c26381e7e",
"type": "filebeat",
"ephemeral_id": "9b5aa2d4-1b54-4c25-bd2d-61cd592d34f4",
"version": "7.9.2"
},
"ecs": {
"version": "1.5.0"
},
"event": {
"kind": "event",
"created": "2021-01-18T19:58:33.189116150Z",
"module": "zeek",
"id": "F8TQ9LErOrU0jX7i3",
"type": [
"info"
],
"dataset": "zeek.x509"
},
"fields": {
"originating_agent_tag": "sensordev_agt"
},
"fileset": {
"name": "x509"
},
"host": {
"name": "sensor-dev"
},
"input": {
"type": "log"
},
"log": {
"file": {
"path": "/opt/dynamite/zeek/logs/current/x509.log"
},
"offset": 0
},
"service": {
"type": "zeek"
},
"tags": [
"zeek.x509"
],
"zeek": {
"x509": {
"san": {
"dns": [
"*.telemetry.mozilla.org",
"telemetry.mozilla.org"
]
},
"certificate": {
"valid": {
"from": "2020-08-24T04:00:00.000Z",
"until": "2022-10-28T16:00:00.000Z"
},
"serial": "0CE6B5FD8FB1B07CD4D54CAEFE4DBF57",
"subject": {
"country": "US",
"organization": "Mozilla Corporation",
"locality": "Mountain View",
"state": "California",
"common_name": "*.telemetry.mozilla.org",
"organizational_unit": "Cloud Services"
},
"signature_algorithm": "sha256WithRSAEncryption",
"version": 3,
"key": {
"length": 2048,
"type": "rsa",
"algorithm": "rsaEncryption"
},
"issuer": {
"country": "US",
"organization": "DigiCert Inc",
"common_name": "DigiCert SHA2 Secure Server CA"
},
"exponent": "65537"
},
"basic_constraints": {
"certificate_authority": false
}
},
"session_id": "F8TQ9LErOrU0jX7i3"
}
}