[Packetbeat] Add SHA1 Fingerprints of TLS Certificates #8180
Assignees
Labels
Comments
adriansr
added a commit
to adriansr/beats
that referenced
this issue
Sep 21, 2018
This patch adds support to calculate fingerprints to the TLS parser in packetbeat. The feature is controlled by a new configuration option: ``` fingerprints: [sha1, sha256] ``` Valid values are `sha1`, `sha256` and `md5`. Closes elastic#8180
adriansr
added a commit
that referenced
this issue
Sep 21, 2018
This patch adds support to calculate fingerprints to the TLS parser in Packetbeat. The feature is controlled by a new configuration option: ``` fingerprints: [sha1, sha256] ``` Valid values are `sha1`, `sha256` and `md5`. Default is `sha1`. Closes #8180
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As a user I'd like to be able to search for certificates based on SHA1 fingerprints. For example if I want to query for certificates matching a SSL blacklist like https://sslbl.abuse.ch/ then I need to have a fingerprint in Elasticsearch.
Packetbeat should probably also support SHA256 hashing as well. Some apps are moving to using that.
The text was updated successfully, but these errors were encountered: