This bundle collects data and reports on SSL traffic that an ExtraHop appliance is not decrypting because it does not have the valid private key required to do so. The bundle is most applicable in environments equipped with decryption-enabled appliances where an understanding of which traffic is going undecrypted is needed. The bundle has 3 components:
- Trigger – Records the certificate subject common names (CNs) and server IPs for undecrypted traffic. It is assigned to the bundled device group.
- Page – Displays statistics captured by the trigger. It is assigned to network objects.
- Device Group – Bundled device group that gathers all monitored SSL servers into a group. Makes importing the bundle more seamless.
The bundle is most applicable to customers who have deployed or are preparing to deploy the SSL decryption feature.
- Configure the trigger (optional). By default, the trigger does not measure SSL opens that happen through a device that ExtraHop has determined to be a gateway. This avoids reporting on SSL servers on the broader Internet or on some other network segment outside the control of the monitoring organization. In some instances it may be desirable to change this behavior, using one of two options:
  - Change the first non-comment line in the trigger (the trigger name is 'Un-decrypted SSL') as follows: `var avoidGateways=false`
  - OR remove the default assignment of the trigger to the bundled "SSL Servers" device group and assign it only to the relevant devices, whether gateway or server.
- Results can be viewed in a custom page by clicking Network, clicking the top-level network, and then clicking the Un-decrypted SSL page.
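To see what the gateway setting changes in the report, the following added example models the trigger's described behavior in plain JavaScript. It is not the bundle's trigger and does not use the ExtraHop trigger API; the record fields (`serverIp`, `certCN`, `decrypted`, `viaGateway`), both function names, and the sample data are assumptions constructed for illustration.

```javascript
// Plain-JavaScript model of the reporting logic described above.
// Not ExtraHop trigger API code; field names are hypothetical.
const sampleOpens = [ // constructed sample SSL opens
  { serverIp: "10.1.20.15", certCN: "payroll.corp.example", decrypted: false, viaGateway: false },
  { serverIp: "10.1.20.15", certCN: "payroll.corp.example", decrypted: false, viaGateway: false },
  { serverIp: "10.1.20.22", certCN: "wiki.corp.example", decrypted: true, viaGateway: false },
  { serverIp: "203.0.113.40", certCN: "cdn.vendor.example", decrypted: false, viaGateway: true },
  // Assumed edge case: a resumed session where no certificate was observed.
  { serverIp: "10.1.30.9", certCN: null, decrypted: false, viaGateway: false },
];

// Count undecrypted opens per (certificate CN, server IP) pair.
// avoidGateways mirrors the trigger variable named on this page.
function summarizeUndecrypted(opens, avoidGateways = true) {
  const counts = new Map();
  for (const o of opens) {
    if (o.decrypted) continue;                    // only report what is NOT decrypted
    if (avoidGateways && o.viaGateway) continue;  // default: skip servers behind a gateway
    const cn = o.certCN || "(no certificate seen)";
    const key = `${cn} @ ${o.serverIp}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.entries()]
    .map(([key, count]) => ({ key, count }))
    .sort((a, b) => b.count - a.count || a.key.localeCompare(b.key));
}

// Entries that show up only after setting avoidGateways=false, i.e. the
// servers outside the monitored segments that the default setting hides.
function gatewayOnlyEntries(opens) {
  const scoped = new Set(summarizeUndecrypted(opens, true).map((e) => e.key));
  return summarizeUndecrypted(opens, false).filter((e) => !scoped.has(e.key));
}

console.log("default:", summarizeUndecrypted(sampleOpens));
console.log("added by avoidGateways=false:", gatewayOnlyEntries(sampleOpens));
```

Reviewing the gateway-only entries before changing the setting shows how much of the report would consist of servers whose private keys the organization could never load.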