GavinDatacom
Jun 17, 2024 · Copper Contributor
Defender - Export or capture certificate expiry data
Hi There,
I am attempting to pull expired certificate information from Defender. My question is thus twofold:
- Is it possible to create an email or alert based on certificates due to expire in 30 days?
- Is it possible to call an API for Defender for Endpoint?
Our current solution for alerts on expiring certificates in the domain is no longer sustainable and I am looking at redesigning the solution, however, before we can do a proper solution, we need to do something a little less manual and this will be our start.
Alert Rule
I can see that the certificate information is under the Inventories of the Vulnerabilities blade in Defender Endpoint, which suggests that an expiring certificate should alert as a Vulnerability. Is this correct? If so, how would I go about creating an alert to identify this?
API or Information passing
Is it possible to use an API to call the information of certificates from Defender? Again, I have looked and found nothing. If APIs aren't possible, I saw that I can ship the data to Event Hub, which would be useful, but again I need to know if the certificate information is captured and passed on if I do this. Does anyone have this information?
Thanks,
RESOLVED
Hi All,
I have found the information myself, thanks.
Looks like there is an API call that contains all certificates and a logic app needs to be used to delineate expiring certificates in the JSON output.
MS Learning: API for Defender for Endpoint Certificates
I will be able to use this to achieve our interim solution. Thanks!
- GavinDatacom, Copper Contributor
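The filtering step the reply describes, sketched in Python rather than a Logic App, as an added example that is not part of the original thread or of Microsoft's documentation. The `value` wrapper and the field names `DeviceName`, `Thumbprint` and `ExpirationDate` are assumptions about the JSON shape, and the sample records are constructed; adjust them to match the actual API output.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, not real API output. The "value" wrapper and field names are assumptions.
SAMPLE_NOW = datetime(2024, 6, 17, tzinfo=timezone.utc)
SAMPLE_RESPONSE = json.dumps({"value": [
    {"DeviceName": "srv-web01", "Thumbprint": "AA11", "ExpirationDate": "2024-07-01T00:00:00Z"},
    {"DeviceName": "srv-app02", "Thumbprint": "BB22", "ExpirationDate": "2024-06-01T00:00:00Z"},
    {"DeviceName": "srv-db03", "Thumbprint": "CC33", "ExpirationDate": "2025-01-15T00:00:00Z"},
    {"DeviceName": "srv-web01", "Thumbprint": "DD44", "ExpirationDate": "2024-07-17T00:00:00Z"},
    {"DeviceName": "srv-old04", "Thumbprint": "EE55", "ExpirationDate": None},
    {"DeviceName": "srv-web01", "Thumbprint": "AA11", "ExpirationDate": "2024-07-01T00:00:00Z"},
]})


def parse_ts(value):
    """Return a timezone-aware datetime (naive values are treated as UTC), or None."""
    if not isinstance(value, str):
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def classify(response_text, now, window_days=30):
    """Bucket certificates as expired, expiring within the window, or unparsed."""
    cutoff = now + timedelta(days=window_days)
    report = {"expired": [], "expiring": [], "unparsed": []}
    seen = set()
    for cert in json.loads(response_text).get("value", []):
        key = (cert.get("DeviceName"), cert.get("Thumbprint"))
        if key in seen:  # defensive: skip exact repeats of a device/thumbprint pair
            continue
        seen.add(key)
        expires = parse_ts(cert.get("ExpirationDate"))
        if expires is None:
            report["unparsed"].append(cert)  # surface these instead of dropping them
        elif expires <= now:
            report["expired"].append(cert)
        elif expires <= cutoff:
            report["expiring"].append({**cert, "DaysLeft": (expires - now).days})
    report["expiring"].sort(key=lambda c: c["DaysLeft"])
    return report


if __name__ == "__main__":
    for bucket, certs in classify(SAMPLE_RESPONSE, SAMPLE_NOW).items():
        print(bucket, [(c["DeviceName"], c["Thumbprint"]) for c in certs])
```

Already-expired certificates and records with no usable expiry date are reported separately so an alert built on the 30-day window does not silently omit them.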