Loading controls...

Control: Certificates should be visible in Certificate Transparency (CT) logs

Description

Certificate Transparency (CT) is an internet security standard for monitoring and auditing digital certificates. If a certificate authority issues an SSL certificate without adding it to the logs this can trigger certain browser errors. It is recommended that whenever issuing any certificate, add it to one or more public certificate transparency logs.

Usage

Run the control in your terminal:

steampipe check net_insights.control.ssl_certificate_transparent

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.ssl_certificate_transparent

Plugins & Tables

net_certificate

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names

SQL

select
  common_name as resource,
  case
    when transparent then 'ok'
    else 'alarm'
  end as status,
  case
    when transparent then common_name || ' certificate is visible.'
    else common_name || ' certificate is not visible.'
  end as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
  )
order by
  common_name;

turbot/net_insights

Control: Certificates should be visible in Certificate Transparency (CT) logs

Description

Usage

Plugins & Tables

Params

SQL

Steampipe

Resources

Community