mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 01:55:20 +00:00
41 lines
2.3 KiB
Plaintext
41 lines
2.3 KiB
Plaintext
table_name("curl_certificate")
|
|
description("Inspect TLS certificates by connecting to input hostnames.")
|
|
schema([
|
|
Column("hostname", TEXT, "Hostname (domain[:port]) to CURL", required=True),
|
|
Column("common_name", TEXT, "Common name of company issued to"),
|
|
Column("organization", TEXT, "Organization issued to"),
|
|
Column("organization_unit", TEXT, "Organization unit issued to"),
|
|
Column("serial_number", TEXT, "Certificate serial number"),
|
|
Column("issuer_common_name", TEXT, "Issuer common name"),
|
|
Column("issuer_organization", TEXT, "Issuer organization"),
|
|
Column("issuer_organization_unit", TEXT, "Issuer organization unit"),
|
|
Column("valid_from", TEXT, "Period of validity start date"),
|
|
Column("valid_to", TEXT, "Period of validity end date"),
|
|
Column("sha256_fingerprint", TEXT, "SHA-256 fingerprint"),
|
|
Column("sha1_fingerprint", TEXT, "SHA1 fingerprint"),
|
|
Column("version", INTEGER, "Version Number"),
|
|
Column("signature_algorithm", TEXT, "Signature Algorithm"),
|
|
Column("signature", TEXT, "Signature"),
|
|
Column("subject_key_identifier", TEXT, "Subject Key Identifier"),
|
|
Column("authority_key_identifier", TEXT, "Authority Key Identifier"),
|
|
Column("key_usage", TEXT, "Usage of key in certificate"),
|
|
Column("extended_key_usage", TEXT, "Extended usage of key in certificate"),
|
|
Column("policies", TEXT, "Certificate Policies"),
|
|
Column("subject_alternative_names", TEXT, "Subject Alternative Name"),
|
|
Column("issuer_alternative_names", TEXT, "Issuer Alternative Name"),
|
|
Column("info_access", TEXT, "Authority Information Access"),
|
|
Column("subject_info_access", TEXT, "Subject Information Access"),
|
|
Column("policy_mappings", TEXT, "Policy Mappings"),
|
|
Column("has_expired", INTEGER, "1 if the certificate has expired, 0 otherwise"),
|
|
Column("basic_constraint", TEXT, "Basic Constraints"),
|
|
Column("name_constraints", TEXT, "Name Constraints"),
|
|
Column("policy_constraints", TEXT, "Policy Constraints"),
|
|
Column("dump_certificate", INTEGER, "Set this value to '1' to dump certificate", additional=True, hidden=True),
|
|
Column("pem", TEXT, "Certificate PEM format")
|
|
])
|
|
implementation("curl_certificate@genTLSCertificate")
|
|
examples([
|
|
"select * from curl_certificate where hostname = 'osquery.io'"
|
|
"select * from curl_certificate where hostname = 'osquery.io' and dump_certificate = 1"
|
|
])
|