No TLS details

See also attached image:

While there seem to be thousands of TLS handshakes, the SIEM-network table with TLS details is empty.

The Packetbeat config details:

- type: tls
  # Configure the ports where to listen for TLS traffic. You can disable
  # the TLS protocol by commenting out the list of ports.
  ports: [ 443, 993, 587, 465, 995 ]

  # Certificate details
  # WLM | 2020mar8
  send_certificates: true
  include_raw_certificates: true
  include_detailed_fields: true
  fingerprints: [ md5, sha1, sha256 ]

What am I overlooking here?

Thanks - Will

Unfortunately, nothing. We've been working to standardize on Elastic Common Schema and transition the data sources and UI to be fully based on it. The queries in the UI predate TLS being part of the schema. And now it needs an update. I've opened an issue to get this done

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Perhaps somewhat late - but still - thank you!