DET0844 Detection of Digital Certificates

Technique Detected: T1587.003 (Digital Certificates)

Analytics

PRE

AN1976

Consider use of services that may aid in the tracking of certificates in use on sites across the Internet. In some cases it may be possible to pivot on known pieces of certificate information to uncover other adversary infrastructure.(Citation: Splunk Kovar Certificates 2017) Detection efforts may be focused on related behaviors, such as Web Protocols , Asymmetric Cryptography , and/or Install Root Certificate .

Log Sources

Mutable Elements