Forum Discussion

GavinDatacom's avatar
GavinDatacom
Copper Contributor
Jun 17, 2024

Defender - Export or capture certificate expiry data

Hi There,

 

I am attempting to pull expired certificate information from Defender. My question is thus two fold:

  1. Is it possible to create an email or alert based on certificates due to expire in 30 days.
  2. Is it possible to call an API for Defender for Endpoint?

Our current solution for alerts on expiring certificates in the domain is no longer sustainable and I am looking at redesigning the solution, however, before we can do a proper solution, we need to do something a little less manual and this will be our start.

 

Alert Rule

I can see that the certificate information is under the Inventories of the Vulnerabilities blade in Defender Endpoint which suggests that an expiring certificate should alert as a Vulnerability. Is this correct, if so how would I go about creating an alert to identify this?

 

API or Information passing

Is it possible to use API to call the information of certificates from Defender, again I have looked and found nothing. If API's aren't possible I saw that I can ship the data to Event Hub which would be useful but again I need to know if the certificate information is captured and passed on if I do this. Does anyone have this information?

 

Thanks,

  • GavinDatacom's avatar
    GavinDatacom
    Copper Contributor

    RESOLVED

    Hi All,

     

    I have found the information myself thanks.

     

    Looks like there is an API call that contains all certificates and a logic app needs to be used to delineate expiring certificates in the JSON output.
    MS Learning: API for Defender for Endpoint Certificates 


    I will be able to use this to achieve our interim solution. Thanks!

Resources