Query Details

Show All Insecure Certificates

Query

// Use Case: Identifying outdated or potentially insecure digital certificates that use SHA-1 or MD5 hashing algorithms for a cybersecurity audit.
Certificate
| where SigningAlgorithm contains 'sha1' or SigningAlgorithm contains 'md5'
| project SigningAlgorithm, SubjectName, CommonName, SelfSigned

Explanation

This query is designed to help identify digital certificates that may be outdated or insecure due to their use of weak hashing algorithms, specifically SHA-1 or MD5. It searches through a database of certificates and filters out those that use either of these algorithms. The query then displays specific details about these certificates, including:

  • SigningAlgorithm: The algorithm used to sign the certificate (either SHA-1 or MD5 in this case).
  • SubjectName: The name of the entity that the certificate is issued to.
  • CommonName: A more specific identifier within the SubjectName, often used as a domain name.
  • SelfSigned: Indicates whether the certificate is self-signed or not.

This information is useful for cybersecurity audits to identify certificates that may need to be updated or replaced to ensure security.

Details

Ugur Koc profile picture

Ugur Koc

Released: December 13, 2024

Tables

Certificate

Keywords

CertificateSigningAlgorithmSubjectNameCommonNameSelfSigned

Operators

containsorprojectwhere

Actions

GitHub