CIRCLPassiveSSL#
README
CIRCLPassiveSSL#
Check CIRCL's Passive SSL service for a given IP address or certificate hash.
This analyzer comes in only one flavor.
Requirements#
Access to CIRCL Passive SSL is allowed to partners including security researchers or incident analysts worldwide. Contact CIRCL if you would like access.
If the CIRCL positively answers your access request, you'll obtain a username and password which are needed to make the analyzer work.
Supply your username as the value for the user parameter and your password
as the value for the password parameter.
CIRCLPassiveSSL#
Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observables types:
- ip
- certificate_hash
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.circl.lu/services/passive-ssl/
Description#
Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.
Configuration#
| user | Username |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| password | Password |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
Templates samples for TheHive#
