Skip to content

CIRCLPassiveSSL#

README

CIRCLPassiveSSL#

Check CIRCL's Passive SSL service for a given IP address or certificate hash.

This analyzer comes in only one flavor.

Requirements#

Access to CIRCL Passive SSL is allowed to partners including security researchers or incident analysts worldwide. Contact CIRCL if you would like access.

If the CIRCL positively answers your access request, you'll obtain a username and password which are needed to make the analyzer work.

Supply your username as the value for the user parameter and your password as the value for the password parameter.

CIRCLPassiveSSL#

Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 2.0
Supported observables types:
- ip
- certificate_hash
- hash
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.circl.lu/services/passive-ssl/

Description#

Check CIRCL's Passive SSL for a given IP address or a X509 certificate hash.

Configuration#

user Username
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
password Password
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

CIRCLPassiveSSL: short report

CIRCLPassiveSSL: long report