Query Details

Show Valid Certificates On Device

Query

// Use Case: Identifying and monitoring active SSL/TLS certificates to ensure website security and trustworthiness.
Certificate
| where ValidToDateTime > now()
| project ValidToDateTime, SubjectName, CommonName

Explanation

This query is designed to help monitor the security of a website by identifying active SSL/TLS certificates. Here's a simple breakdown of what it does:

  1. Certificate: This is the data source or table that contains information about SSL/TLS certificates.

  2. where ValidToDateTime > now(): This filters the certificates to only include those that are still valid, meaning their expiration date (ValidToDateTime) is in the future compared to the current date and time (now()).

  3. project ValidToDateTime, SubjectName, CommonName: This selects and displays only specific pieces of information from the filtered certificates:

    • ValidToDateTime: The expiration date of the certificate.
    • SubjectName: The name of the entity to which the certificate was issued.
    • CommonName: The common name associated with the certificate, often the domain name of the website.

In summary, this query helps you keep track of which SSL/TLS certificates are currently valid and provides key details about them to ensure your website remains secure and trustworthy.

Details

Ugur Koc profile picture

Ugur Koc

Released: December 13, 2024

Tables

Certificate

Keywords

CertificateValidToDateTimeSubjectNameCommonName

Operators

wherenow()project

Actions

GitHub