

Extra data in certificates

21 April 2024
After fixing a bug that prevented the cryptographic suites used on a TLS server from being scanned properly, we took the opportunity to add some extra data. There are four new fields available:

dh_groups: The list of Diffie-Hellman groups used for key exchange, for instance: "RFC3526/Oakley Group 14".

ecdhe_curves: The list of elliptic curves used in Diffie-Hellman, for instance: "prime256v1".

tls12_sig_algs: The list of signature algorithms used in TLS 1.2, for instance: "ECDSA+SHA256".

tls13_sig_algs: The list of signature algorithms used in TLS 1.3, for instance: "ECDSA+SHA256".

These new fields are available everywhere, including in queries and the API. This example query will give you an overview of all Oakley groups used in your certificates:

index=certificates dh_groups=*oakley* by dh_groups

Any group below 14 is considered weak these days.
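
The same rule applied offline to exported records, as an added example that is not the product's own code. The record layout (a dict with `hostname` and a `dh_groups` list) is an assumption, and the sample rows are constructed:

```python
import re

# Matches names such as "RFC3526/Oakley Group 14" and captures the group number.
OAKLEY_RE = re.compile(r"oakley\s+group\s+(\d+)", re.IGNORECASE)
MIN_GROUP = 14  # threshold from the post: any group below 14 is weak


def classify_group(name):
    """Return 'weak', 'ok' or 'unknown' for one dh_groups value."""
    m = OAKLEY_RE.search(name)
    if m is None:
        return "unknown"  # not an Oakley group name, so the rule does not apply
    return "weak" if int(m.group(1)) < MIN_GROUP else "ok"


def weak_dh_findings(records):
    """Map hostname -> sorted list of the weak Oakley groups it offers."""
    findings = {}
    for rec in records:
        groups = rec.get("dh_groups") or []  # field may be absent or null
        if isinstance(groups, str):  # tolerate a single value instead of a list
            groups = [groups]
        weak = sorted({g for g in groups if classify_group(g) == "weak"})
        if weak:
            findings[rec.get("hostname", "<no hostname>")] = weak
    return findings


# Constructed sample records; the field layout is assumed, not taken from the API.
SAMPLE = [
    {"hostname": "a.example", "dh_groups": ["RFC3526/Oakley Group 14"]},
    {"hostname": "b.example",
     "dh_groups": ["RFC2409/Oakley Group 2", "RFC3526/Oakley Group 14"]},
    {"hostname": "c.example", "dh_groups": ["RFC3526/Oakley Group 5"]},
    {"hostname": "d.example", "dh_groups": ["custom 2048-bit group"]},
    {"hostname": "e.example", "dh_groups": None},
]

if __name__ == "__main__":
    for host, weak in weak_dh_findings(SAMPLE).items():
        print(host, "->", ", ".join(weak))
```

Values that do not name an Oakley group are reported as unknown rather than ok, so they can be reviewed separately.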

Redesigned alerts

08 April 2024
The alerts interface has been redesigned and is now more similar to the new reports. Like reports, it also has an Alert library to help you set up alerts. There will be more alerts in it, but for now we start with alert templates for:

- Assets appeared on blacklist
- Certificates with bad grades
- Hosts with problems
- New phishy domains
- New subdomain found for specific domain

You can also make your own custom alerts of course. If you miss something, please reach out and we'll see if we can make it for you.

Four new reports available

01 April 2024
There are 4 new reports available in the report library:

This report will show you the results of the tests that determine the security grades for all your websites in one overview.

This shows you all rare ports you have exposed to the internet. All common ports (web, mail, ftp, ssh) are removed for this report and only the rare ports are shown. For each port we try to actually detect the protocol/service, and the results are shown in the report.

This is an overview of your Internet Service Providers, complete with ASN and location information. Besides Country and City, there is a new field Region available as well. This can be handy when making geofence queries for bigger countries.

Hosts outside of Western countries
This one is a nice example of a geofence query. You can adapt it to your own needs. The query is:

index=hosts asn_registry!=ripe AND asn_registry!=arin AND 
country!=Japan AND country!=Australia AND 
country!="New Zealand" AND last_seen>-7d | 
table ip hostname isp, asn, city, region, country

Besides the new reports, there have also been some GUI updates that should improve the user experience. Check out the renewed assets page for instance.
