Contents x
      Get certificate information relating to an IP address
      • 16 May 2023
      • 1 Minute to read
      • Print
      • Dark
        Light
      Contents

      Get certificate information relating to an IP address

      • Updated on 16 May 2023
      • 1 Minute to read
      • Print
      • Dark
        Light
      Article summary

      Certificates are used in the authentication process to establish secure connections between devices, such as web browsers and servers, or to digitally sign files or emails.

      In the context of threat intelligence, certificate information is useful in a number of ways:

      1. Identifying malicious websites and phishing attacks. Many attackers use fake or stolen certificates to make their websites appear legitimate, but analyzing certificate information helps to detect these fraudulent sites.

      2. Tracking the activities of threat actors. By analyzing certificate information, security analysts can identify patterns and connections between different attacks, as well as the infrastructure and resources used by specific threat actors.

      3. Verifying the authenticity of digital communications. By using certificate information to confirm the identity of a sender, or the authenticity of a file, security teams can reduce the risk of falling victim to phishing, malware, or other attacks.

      Silent Push allows you to search through data from our daily scans of the Internet's IPv4 range to obtain information on a broad range of elements related to individual certificates.

      1. Navigate to Advanced Query Builder > IPv4 Queries > Scan Data - Certificates

      2. Specify an IP address

      3. Specify a netmask to use in combination with an IP address to search across a range of IP addresses

      4. Specify a certificate fingerprint in fingerprint_sha1

      5. Specify a domain (wildcards are supported)

      6. Select expired_certs_only to only return only return data containing expired certificates

      7. Enter a value in window (days) to include scan results within the last amount of specified days

      8. Specify a value to limit the number of results returned

      9. Enter a value in skip to skip a specified number of results

      10. Click Search

      Saving queries

      Organizational users are able to save individual queries ran from Advanced Query Builder, and store them in the Private Queries menu for future analysis, or to share with their organization.

      1. Specify the query parameters

      2. Click Save Query

      3. Give your query a Name

      4. Specify a Description to add more context

      5. Click Save

      Was this article helpful?
      What's Next