/
CertificatesTroubleshoot.yml
344 lines (344 loc) · 21 KB
/
CertificatesTroubleshoot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
args:
- description: The endpoint identifier IP address or URL. For example, "google.com".
name: endpoint
required: true
- description: Operation mode. Determines how the endpoint is inspected. Options are either python or openssl.
name: mode
auto: PREDEFINED
predefined:
- python
- openssl
defaultValue: python
- defaultValue: '443'
description: The endpoint port. Default is 443.
name: port
comment: Exports all certificate-related information from the Python Docker container and decodes it using RFC. It also retrieves the certificate located in the specified endpoint.
commonfields:
id: CertificatesTroubleshoot
version: -1
enabled: true
name: CertificatesTroubleshoot
outputs:
- contextPath: TroubleShoot.Engine.SSL/TLS.ShellVariables.SSL_CERT_FILE
description: The SSL_CERT_FILE environment variable. For example, "/etc/custom-python-ssl/certs.pem".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.ShellVariables.CERT_FILE
description: The CERT_FILE environment variable. For example, "/etc/custom-python-ssl/certs.pem".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.OrganizationalUnitName
description: The unit name of the organization that is the holder of the engine custom SSL certificate. For example, "Content".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.OrganizationName
description: The name of the organization that is the holder of the engine custom SSL certificate. For example, "Cortex XSOAR".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.BusinessCategory
description: The business category of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.Title
description: The title of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.SerialNumber
description: The serial number of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.StateOrProvinceName
description: The state or province of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.DomainComponent
description: The DNS domain name of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.GivenName
description: The given name of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.Pseudonym
description: The pseudonym of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.JurisdictionStateOrProvinceName
description: The jurisdiction state or province of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.GenerationQualifier
description: The generation qualifier of the holder of the engine custom SSL certificate. For example, 3rd generation.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.LocalityName
description: The locality of the holder of the engine custom SSL certificate. For example, "Birmingham".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.SurName
description: The surname of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.CommonName
description: The common name of the holder of the engine custom SSL certificate. For example, "Cortex XSOAR TLS".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.JurisdictionLocalityName
description: The jurisdiction locality of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.StreetAddress
description: The street address of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.PostalCode
description: The postal code of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.PostalAddress
description: The postal address of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.JurisdictionCountryName
description: The jurisdiction country name of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.CountryName
description: The country of the holder of the engine custom SSL certificate. For example, "GB".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.EmailAddress
description: The email address of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Subject.DomainNameQualifier
description: The domain name qualifier of the holder of the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.OrganizationalUnitName
description: The unit name of the organization of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.OrganizationName
description: The name of the organization of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.BusinessCategory
description: The business category of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.Title
description: The title of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.SerialNumber
description: The serial number of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.StateOrProvinceName
description: The state or province of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.DomainComponent
description: The DNS domain name of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.GivenName
description: The given name of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.Pseudonym
description: The pseudonym of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.JurisdictionStateOrProvinceName
description: The jurisdiction state or province of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.GenerationQualifier
description: The generation qualifier of the authority that issued the engine custom SSL certificate. For example, 3rd generation.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.LocalityName
description: The locality of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.SurName
description: The surname of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.CommonName
description: The common name of the authority that issued the engine custom SSL certificate. For example, "Cortex XSOAR TLS".
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.JurisdictionLocalityName
description: The jurisdiction locality of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.StreetAddress
description: The street address of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.PostalCode
description: The postal code of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.PostalAddress
description: The postal address of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.JurisdictionCountryName
description: The jurisdiction country name of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.CountryName
description: The country of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.EmailAddress
description: The email address of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Issuer.DomainNameQualifier
description: The domain name qualifier of the authority that issued the engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Extentions.IssuerAlternativeName
description: The alternate name of the issuer.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Extentions.SubjectAlternativeName
description: The alternate name of the subject.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidBefore
description: The beginning of the validity period for the certificate in UTC format.
type: Date
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidAfter
description: The end of the validity period for the certificate in UTC format.
type: Date
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Version
description: The version of the certificate.
type: Number
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Raw
description: The raw engine custom SSL certificate.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.Identifier
description: The engine SSL identifier.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.OrganizationalUnitName
description: The unit name of the organization that is the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.OrganizationName
description: The name of the organization that is the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.BusinessCategory
description: The business category of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.Title
description: The title of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.SerialNumber
description: The serial number of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.StateOrProvinceName
description: The state or province of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.DomainComponent
description: The DNS domain name of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.GivenName
description: The given name of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.Pseudonym
description: The pseudonym of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.JurisdictionStateOrProvinceName
description: The jurisdiction state or province of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.GenerationQualifier
description: The generation qualifier of the holder of the endpoint SSL certificate. For example, 3rd generation.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.LocalityName
description: The locality of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.SurName
description: The surname of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.CommonName
description: The common name of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.JurisdictionLocalityName
description: The jurisdiction locality of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.StreetAddress
description: The street address of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.PostalCode
description: The postal code of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.PostalAddress
description: The postal address of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.JurisdictionCountryName
description: The jurisdiction country name of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.CountryName
description: The country of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.EmailAddress
description: The email address of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Subject.DomainNameQualifier
description: The domain name qualifier of the holder of the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.OrganizationalUnitName
description: The unit name of the organization of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.OrganizationName
description: The name of the organization of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.BusinessCategory
description: The business category of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.Title
description: The title of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.SerialNumber
description: The serial number of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.StateOrProvinceName
description: The state or province of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.DomainComponent
description: The DNS domain name of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.GivenName
description: The given name of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.Pseudonym
description: The pseudonym of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.JurisdictionStateOrProvinceName
description: The jurisdiction state or province of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.GenerationQualifier
description: The generation qualifier of the authority that issued the endpoint SSL certificate. For example, 3rd generation.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.LocalityName
description: The locality of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.SurName
description: The surname of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.CommonName
description: The common name of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.JurisdictionLocalityName
description: The jurisdiction locality of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.StreetAddress
description: The street address of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.PostalCode
description: The postal code of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.PostalAddress
description: The postal address of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.JurisdictionCountryName
description: The jurisdiction country name of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.CountryName
description: The country of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.EmailAddress
description: The email address of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Issuer.DomainNameQualifier
description: The domain name qualifier of the authority that issued the endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Extentions.IssuerAlternativeName
description: The alternate name of the issuer.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Decode.Extentions.SubjectAlternativeName
description: The alternate name of the subject.
type: String
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidBefore
description: The beginning of the validity period for the certificate in UTC format.
type: Date
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.NotValidAfter
description: The end of the validity period for the certificate in UTC format.
type: Date
- contextPath: TroubleShoot.Engine.SSL/TLS.CustomCertificateAuthorities.Decode.Version
description: The version of the certificate.
type: Number
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Certificates.Raw
description: The raw endpoint SSL certificate.
type: String
- contextPath: TroubleShoot.Endpoint.SSL/TLS.Identifier
description: The endpoint SSL identifier.
type: String
script: '-'
subtype: python3
tags:
- Utility
timeout: '0'
type: python
dockerimage: demisto/auth-utils:1.0.0.88531
runas: DBotWeakRole
tests:
- No tests (auto formatted)
fromversion: 5.0.0