Defender - Export or capture certificate expiry data

Hi There,

I am attempting to pull expired certificate information from Defender. My question is thus twofold:

  1. Is it possible to create an email or alert based on certificates due to expire in 30 days?
  2. Is it possible to call an API for Defender for Endpoint?

Our current solution for alerts on expiring certificates in the domain is no longer sustainable and I am looking at redesigning the solution; however, before we can do a proper solution, we need to do something a little less manual and this will be our start.

Alert Rule

I can see that the certificate information is under the Inventories of the Vulnerabilities blade in Defender Endpoint, which suggests that an expiring certificate should alert as a Vulnerability. Is this correct? If so, how would I go about creating an alert to identify this?

API or Information passing

Is it possible to use an API to call the information of certificates from Defender? Again, I have looked and found nothing. If APIs aren't possible, I saw that I can ship the data to Event Hub, which would be useful, but again I need to know if the certificate information is captured and passed on if I do this. Does anyone have this information?

Thanks,

1 Reply
best response confirmed by GavinDatacom (Copper Contributor)
RESOLVED

Hi All,

I have found the information myself, thanks.

Looks like there is an API call that contains all certificates and a logic app needs to be used to delineate expiring certificates in the JSON output.
MS Learning: API for Defender for Endpoint Certificates 


I will be able to use this to achieve our interim solution. Thanks!
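
The filtering step described in the reply above, as an added example that is not part of the original thread and not Microsoft's code: it takes a JSON export of all certificates and sorts them into expiring within 30 days, already expired, and records with no usable date, grouped by thumbprint so one alert lists every affected device. The `value` wrapper and the field names `deviceName`, `thumbprint`, `issuedTo` and `expirationDate` are assumptions, and the sample records are constructed; check them against the linked API documentation before use.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample; the "value" wrapper and all field names are assumptions.
SAMPLE = """{"value": [
 {"deviceName": "srv-01", "thumbprint": "AA11", "issuedTo": "web.example.test", "expirationDate": "2024-08-20T00:00:00Z"},
 {"deviceName": "srv-02", "thumbprint": "AA11", "issuedTo": "web.example.test", "expirationDate": "2024-08-20T00:00:00Z"},
 {"deviceName": "srv-01", "thumbprint": "BB22", "issuedTo": "old.example.test", "expirationDate": "2024-07-01T00:00:00Z"},
 {"deviceName": "srv-03", "thumbprint": "CC33", "issuedTo": "api.example.test", "expirationDate": "2025-03-01T00:00:00Z"},
 {"deviceName": "srv-03", "thumbprint": "DD44", "issuedTo": "bad.example.test", "expirationDate": null}
]}"""

def parse_utc(value):
    """Parse an ISO 8601 timestamp to an aware UTC datetime, or None if unusable."""
    if not isinstance(value, str):
        return None
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    if parsed.tzinfo is None:
        # Assumption: timestamps without an offset are UTC.
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)

def classify(payload, now, window_days=30):
    """Group certificates by thumbprint into expiring, expired and unparsed."""
    cutoff = now + timedelta(days=window_days)
    report = {"expiring": {}, "expired": {}, "unparsed": {}}
    for record in json.loads(payload).get("value", []):
        expires = parse_utc(record.get("expirationDate"))
        if expires is None:
            bucket = "unparsed"   # surface bad records instead of dropping them
        elif expires <= now:
            bucket = "expired"
        elif expires <= cutoff:
            bucket = "expiring"
        else:
            continue              # valid beyond the alert window
        entry = report[bucket].setdefault(record.get("thumbprint"), {
            "issuedTo": record.get("issuedTo"),
            "daysLeft": None if expires is None else (expires - now).days,
            "devices": []})
        entry["devices"].append(record.get("deviceName"))
    return report

if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE, datetime.now(timezone.utc)), indent=2))
```

Keeping the `unparsed` bucket in the alert matters: a record whose expiry date is missing or malformed would otherwise drop out of the report without anyone noticing.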
