RiskIQPassiveTotalSSLScript

Enhancement script that enriches Email, File SHA-1 and RiskIQSerialNumber indicators with SSL certificate information. To enable it:

  • Go to Settings > ADVANCED > Indicator Type
  • Edit the Email, File SHA-1 and RiskIQSerialNumber indicator types one by one
  • Add this script to Enhancement Scripts

Script Data


| Name | Description |
| --- | --- |
| Script Type | python3 |
| Tags | enhancement |
| Demisto Version | 5.0.0 |

Dependencies


This script uses the following commands and scripts.

  • pt-ssl-cert-search

Inputs


| Argument Name | Description |
| --- | --- |
| indicator_value | Email, File SHA-1 or RiskIQSerialNumber indicator value to enrich. |

Outputs


There are no outputs for this script.

Script Example

!RiskIQPassiveTotalSSLScript indicator_value=61135c80f8ed28d2

Context Example

{
    "PassiveTotal": {
        "SSL": [
            {
                "expirationDate": "Apr 09 13:15:00 2019 GMT",
                "fingerprint": "88:48:e8:68:b1:90:d0:fd:cb:6f:39:c3:7b:53:82:c8:7e:09:76:b0",
                "firstSeen": 1547559631314,
                "issueDate": "Jan 15 13:15:00 2019 GMT",
                "issuerCommonName": "Google Internet Authority G3",
                "issuerCountry": "US",
                "issuerOrganizationName": "Google Trust Services",
                "lastSeen": 1547607634446,
                "serialNumber": "6995036355238373586",
                "sha1": "8848e868b190d0fdcb6f39c37b5382c87e0976b0",
                "sslVersion": "3",
                "subjectAlternativeNames": [
                    "www.google.com"
                ],
                "subjectCommonName": "www.google.com",
                "subjectCountry": "US",
                "subjectLocalityName": "Mountain View",
                "subjectOrganizationName": "Google LLC",
                "subjectProvince": "California",
                "subjectStateOrProvinceName": "California"
            },
            {
                "expirationDate": "Apr 09 13:15:00 2019 GMT",
                "fingerprint": "99:5b:00:5f:44:be:53:bf:3e:59:21:90:1d:79:a9:8e:54:af:d3:29",
                "firstSeen": 1548455641692,
                "issueDate": "Jan 15 13:15:00 2019 GMT",
                "issuerCommonName": "Google Internet Authority G3",
                "issuerCountry": "US",
                "issuerOrganizationName": "Google Trust Services",
                "lastSeen": 1549571983939,
                "serialNumber": "6995036355238373586",
                "sha1": "995b005f44be53bf3e5921901d79a98e54afd329",
                "sslVersion": "3",
                "subjectAlternativeNames": [
                    "www.google.com"
                ],
                "subjectCommonName": "www.google.com",
                "subjectCountry": "US",
                "subjectLocalityName": "Mountain View",
                "subjectOrganizationName": "Google LLC",
                "subjectProvince": "California",
                "subjectStateOrProvinceName": "California"
            }
        ]
    }
}

Human Readable Output

Total Retrieved Record(s): 2

SSL certificate(s)

| Sha1 | Serial Number | Issued (GMT) | Expires (GMT) | SSL Version | First Seen (GMT) | Last Seen (GMT) | Issuer Common Name | Subject Common Name | Subject Alternative Names | Issuer Organization Name | Subject Organization Name | Subject Locality Name | Subject State/Province Name | Issuer Country | Subject Country |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 8848e868b190d0fdcb6f39c37b5382c87e0976b0 | 6995036355238373586 | Jan 15 13:15:00 2019 GMT | Apr 09 13:15:00 2019 GMT | 3 | 2019-01-15 13:40:31 | 2019-01-16 03:00:34 | Google Internet Authority G3 | www.google.com | www.google.com | Google Trust Services | Google LLC | Mountain View | California | US | US |
| 995b005f44be53bf3e5921901d79a98e54afd329 | 6995036355238373586 | Jan 15 13:15:00 2019 GMT | Apr 09 13:15:00 2019 GMT | 3 | 2019-01-25 22:34:01 | 2019-02-07 20:39:43 | Google Internet Authority G3 | www.google.com | www.google.com | Google Trust Services | Google LLC | Mountain View | California | US | US |
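
An added example, not part of the integration's own code: a post-processing check over the PassiveTotal.SSL context that confirms each fingerprint agrees with its sha1 field, matches the hex indicator value against the decimal serialNumber (61135c80f8ed28d2 in hex is 6995036355238373586), converts firstSeen/lastSeen from epoch milliseconds to GMT, and lists issuer/serial pairs that map to more than one certificate SHA-1, as the two records above do. The function names are hypothetical and the sample is the Context Example trimmed to the fields used.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: the two records from the Context Example above,
# trimmed to the fields this check reads.
CONTEXT = json.loads("""
{"PassiveTotal": {"SSL": [
  {"fingerprint": "88:48:e8:68:b1:90:d0:fd:cb:6f:39:c3:7b:53:82:c8:7e:09:76:b0",
   "sha1": "8848e868b190d0fdcb6f39c37b5382c87e0976b0",
   "serialNumber": "6995036355238373586",
   "issuerCommonName": "Google Internet Authority G3",
   "firstSeen": 1547559631314, "lastSeen": 1547607634446},
  {"fingerprint": "99:5b:00:5f:44:be:53:bf:3e:59:21:90:1d:79:a9:8e:54:af:d3:29",
   "sha1": "995b005f44be53bf3e5921901d79a98e54afd329",
   "serialNumber": "6995036355238373586",
   "issuerCommonName": "Google Internet Authority G3",
   "firstSeen": 1548455641692, "lastSeen": 1549571983939}
]}}
""")

def to_gmt(epoch_ms):
    """firstSeen/lastSeen are epoch milliseconds; render them as GMT."""
    dt = datetime.fromtimestamp(epoch_ms // 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S")

def serial_matches(indicator_value, cert):
    """Compare a hex serial indicator with the decimal serialNumber field."""
    try:
        return int(indicator_value, 16) == int(cert["serialNumber"])
    except ValueError:  # e-mail address or other non-hex indicator
        return False

def review(context, indicator_value):
    """Return per-certificate rows and issuer/serial pairs seen with >1 SHA-1."""
    by_serial = defaultdict(set)
    rows = []
    for c in context.get("PassiveTotal", {}).get("SSL", []):
        by_serial[(c["issuerCommonName"], c["serialNumber"])].add(c["sha1"])
        rows.append({
            "sha1": c["sha1"],
            "fingerprint_ok": c["fingerprint"].replace(":", "").lower() == c["sha1"].lower(),
            "serial_match": serial_matches(indicator_value, c),
            "first_seen": to_gmt(c["firstSeen"]),
            "last_seen": to_gmt(c["lastSeen"]),
        })
    shared = {k: sorted(v) for k, v in by_serial.items() if len(v) > 1}
    return rows, shared
```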