See also attached image:
While there seem to be thousands of TLS handshakes, the SIEM-network table with TLS details is empty.
The Packetbeat config details:
- type: tls # Configure the ports where to listen for TLS traffic. You can disable # the TLS protocol by commenting out the list of ports. ports: [ 443, 993, 587, 465, 995 ] # Certificate details # WLM | 2020mar8 send_certificates: true include_raw_certificates: true include_detailed_fields: true fingerprints: [ md5, sha1, sha256 ]
What am I overlooking here?
Thanks - Will