OpenSSL version

Occasional Contributor

Can I identify OpenSSL versions using a Sentinel query? What kind of data type is needed?

7 Replies
What data are you looking to query? Your question is a bit open ended without knowing where the data would be coming from.

@GBushey 

I am looking for a way to identify OpenSSL versions for different systems. More precisely, I am trying to understand if I can find logs that show there are vulnerable OpenSSL versions, as our customer is having trouble identifying those in their reports. Is it possible to create a query in Sentinel to check on which server OpenSSL is installed and in which version?

That would have to be done on a system-by-system basis. Without knowing what data each system is sending, it would not be possible to make this determination.
Thank you for the reply! Is there any common type of data that is sending such information?
Not that I am aware of.
Take a look at the "Insecure Protocols" workbook to see if that will give you the information you need.
If you have E5, try the TVM queries in advanced hunting; the module can be found under Softwarename.
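
An added example, not part of the thread or any poster's reply: one way to write the TVM lookup suggested above as an advanced hunting query. It assumes Defender Vulnerability Management data is present in the `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables, and that the package is recorded with "openssl" in its software name.

```kql
// Added example: list every device where the TVM inventory records OpenSSL,
// with the installed version and the CVEs TVM associates with that version.
// Assumption: the product is inventoried with "openssl" in SoftwareName.
let OpenSslInventory =
    DeviceTvmSoftwareInventory
    | where SoftwareName contains "openssl"
    | project DeviceId, DeviceName, OSPlatform, SoftwareVendor,
              SoftwareName, SoftwareVersion;
let OpenSslVulns =
    DeviceTvmSoftwareVulnerabilities
    | where SoftwareName contains "openssl"
    // Collapse to one row per device and installed version.
    | summarize Cves = make_set(CveId),
                Severities = make_set(VulnerabilitySeverityLevel)
        by DeviceId, SoftwareName, SoftwareVersion;
OpenSslInventory
// leftouter keeps installs that have no reported CVE, so the output is a
// full inventory and not only the vulnerable subset.
| join kind=leftouter OpenSslVulns on DeviceId, SoftwareName, SoftwareVersion
| extend CveCount = coalesce(array_length(Cves), 0)
| project DeviceName, OSPlatform, SoftwareVendor, SoftwareName,
          SoftwareVersion, CveCount, Severities, Cves
| order by CveCount desc, DeviceName asc
```

The result covers only what the inventory records under that software name; rows with `CveCount` of 0 are installs with no CVE reported for that version.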