This bundle shows you how to both monitor the expiry dates for SSL certificates and to set up reporting and alerts for those events.
ExtraHop version 7.3.3 or later
- Download and apply the bundle.
- Locate the bundle you just downloaded and click Upload. The View Bundle window will appear.
- Review the Alerts and Triggers. There should be one of each.
- In the Actions box, select Apply 1 included assignment and click Apply.
- Edit the Trigger to catch cert(s) you care about. By default, the trigger catches ALL certs. The lines to edit are:
var subjectOfInterest1 = "extrahop.com"; var subjectOfInterest2 = "extrahop";
- Create a Device Group for the SSL Servers that you want to monitor.
- Assign the trigger to your new Device Group.
- Assign the alert to your new Device Group.
- Optional. Edit the trigger to change the alerting window. By default, the trigger alerts when a cert is going to expire within 90 days. To edit the trigger, click Settings, click Triggers, and then click SSL Expiration Check. The line to edit is: var advanceDaysNotice = 90;
- Optional. Add email address(es) to receive alerts for soon-to-expire SSL certs. By default, alerts are NOT sent. To add a notification group, click Settings, click Admin, click Notifications, then click Email Groups.
- Assign the trigger
- Edit the Alert. Look at (and modify) the following:
- Look at the Alert Settings tab, specifically, the Firing Mode section. Edge triggered means that the alert fires once. Level triggered means the alert fires every interval specified.
- Look at Notifications section. Add the notification group here. If you created a custom email notification group above, you would add it here.