See also attached image:
While there seem to be thousands of TLS handshakes, the SIEM-network table with TLS details is empty.
The Packetbeat config details:
- type: tls
# Configure the ports where to listen for TLS traffic. You can disable
# the TLS protocol by commenting out the list of ports.
ports: [ 443, 993, 587, 465, 995 ]
# Certificate details
# WLM | 2020mar8
send_certificates: true
include_raw_certificates: true
include_detailed_fields: true
fingerprints: [ md5, sha1, sha256 ]
What am I overlooking here?
Thanks - Will