valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
cd11220b7a
osquery-1/specs/curl_certificate.table
kumarak 58d0671271
Extend the fields of curl_certificate table (#6176) 
Co-authored-by: Stefano Bonicatti <stefano.bonicatti@gmail.com>
2020-03-31 09:34:36 -04:00

41 lines
2.4 KiB
Plaintext
Raw Blame History

table_name("curl_certificate")
description("Inspect TLS certificates by connecting to input hostnames.")
schema([
Column("hostname", TEXT, "Hostname (domain[:port]) to CURL", required=True),
Column("common_name", TEXT, "Common name of company issued to"),
Column("organization", TEXT, "Organization issued to"),
Column("organization_unit", TEXT, "Organization unit issued to"),
Column("serial_number", TEXT, "Certificate serial number"),
Column("issuer_common_name", TEXT, "Issuer common name"),
Column("issuer_organization", TEXT, "Issuer organization"),
Column("issuer_organization_unit", TEXT, "Issuer organization unit"),
Column("valid_from", TEXT, "Period of validity start date"),
Column("valid_to", TEXT, "Period of validity end date"),
Column("sha256_fingerprint", TEXT, "SHA-256 fingerprint"),
Column("sha1_fingerprint", TEXT, "SHA1 fingerprint"),
Column("certificate_version", INTEGER, "Version Number"),
Column("signature_algorithm", TEXT, "Signature Algorithm"),
Column("signature", TEXT, "Signature"),
Column("subject_key_identifier", TEXT, "Subject Key Identifier"),
Column("authority_key_identifier", TEXT, "Authority Key Identifier"),
Column("key_usage", TEXT, "Usage of key in certificate"),
Column("extended_key_usage", TEXT, "Extended usage of key in certificate"),
Column("certificate_policies", TEXT, "Certificate Policies"),
Column("subject_alternative_names", TEXT, "Subject Alternative Name"),
Column("issuer_alternative_names", TEXT, "Issuer Alternative Name"),
Column("info_access", TEXT, "Authority Information Access"),
Column("subject_info_access", TEXT, "Subject Information Access"),
Column("policy_mappings", TEXT, "Policy Mappings"),
Column("certificate_has_expired", INTEGER, "1 if the certificate has expired, 0 otherwise"),
Column("basic_constraint", TEXT, "Basic Constraints"),
Column("name_constraints", TEXT, "Name Constraints"),
Column("policy_constraints", TEXT, "Policy Constraints"),
Column("dump_certificate", INTEGER, "Set this value to '1' to dump certificate", additional=True, hidden=True),
Column("certificate_pem", TEXT, "Certificate PEM format")
])
implementation("curl_certificate@genTLSCertificate")
examples([
"select * from curl_certificate where hostname = 'osquery.io'"
"select * from curl_certificate where hostname = 'osquery.io' and dump_certificate = 1"
])
Reference in New Issue View Git Blame Copy Permalink