Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Category: Problem

Priority: Normal

Platform: Splunk

Version: 1 from 08.11.2022

Description

The Certificates.SSL CIM dataset does not return STRUST data as expected. Instead, the STRUST data will only appear when calling from the broader Certificates data model, and no SSL-related fields are found in the search results.

Cause

The applicable tag is missing from the STRUST event type, excluding the data from the SSL dataset.

Resolution

Add the “ssl” tag to the event type with the following procedure:

  1. Go to Settings > Event types

  2. Search for the “event_type_STRUST” event type

  3. Click on the event type

  4. Add the “ssl” tag next to the “certificate” tag

  5. Save

  6. After a few minutes, try searching again

 

  • No labels