TLS Information

Hi Team!
What are the integration tools ( beats family etc ) required to we collect certificates data from session connections to identify TLS Version, Ciphers, Valid until, Issuer, Subject, fingerprint etc from a host server ?
Idea would be to inspect or monitor TLS Network Traffic as well see the TLS Versions, Certificates Validations to proactive take action as need.
Appreciate any help!
Mauricio

Hello Mauricio,

Maybe there are more applications that can do this out of the box but I am using the following two:

  • HeartBeat collects TLS data when monitoring an HTTPS endpoint
  • PacketBeat collects this data when TLS protocol is configured

Best regards
Wolfram

Thanks Wolfram!
If that solution be able to inspect all TLS information and transactions from every Port we have this protocol enabled, will be very helpful!!!

For example, today we have couple middlewares on servers using TLS, so if the Beats can identify the Port used, TLS version and Certification expiration would be very very good to we proactive take actions at security side and also to identify when a certificate will expire.

Hello Mauricio,

Unfortunately, I don't think that PacketBeat can detect that automatically. As far as I know you have to configure a list of ports.

Best regards
Wolfram

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.