DET0840 Detection of Install Digital Certificate

Technique Detected: T1608.003 (Install Digital Certificate)

Analytics

PRE

AN1972

Consider use of services that may aid in the tracking of certificates in use on sites across the Internet. In some cases it may be possible to pivot on known pieces of certificate information to uncover other adversary infrastructure.(Citation: Splunk Kovar Certificates 2017) Detection efforts may be focused on related behaviors, such as Web Protocols or Asymmetric Cryptography.

Log Sources

Mutable Elements