Rules: SSL Certificate Expired
A server responded on a SSL or TLS service using an expired certificate.
Detail | Value |
---|---|
Type | Match |
Category | Defense Evasion |
Apply Risk to Entities | device_hostname, device_ip, srcDevice_hostname, srcDevice_ip, user_username |
Signal Name | SSL Certificate Expired |
Summary Expression | Suspicious SSL or TLS server response from IP: {{srcDevice_ip}} |
Score/Severity | Static: 1 |
Enabled by Default | True |
Prototype | False |
Tags | _mitreAttackTactic:TA0042, _mitreAttackTechnique:T1587.003, _mitreAttackTechnique:T1587, _mitreAttackTechnique:T1608, _mitreAttackTechnique:T1608.003 |
Origin | Field |
---|---|
Normalized Schema | device_hostname |
Normalized Schema | device_ip |
Normalized Schema | listMatches |
Normalized Schema | metadata_deviceEventId |
Normalized Schema | metadata_product |
Normalized Schema | srcDevice_hostname |
Normalized Schema | srcDevice_ip |
Normalized Schema | threat_name |
Normalized Schema | user_username |