Enricher - CIRCL SSL Certificate Fetcher


This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.


Specifications

Enricher name

CIRCL SSL Certificate Fetcher

Input

Hash-sha1.

Output

Enriches SSL fingerprint hash observables with the parsed certificate and all associated domain names.

API endpoint

https://www.circl.lu/v2pssl/cfetch/

Description

The CIRCL SSL Certificate Fetcher enricher uses the CIRCL API to poll the CIRCL Passive SSL database and to obtain parsed SSL certificates and all domain names associated with the input SSL SHA-1 hash fingerprints.

Requirements

Users need an API username and an API key. Sign up and subscribe to the service to obtain the required credentials to access the API endpoint exposing the service.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the CIRCL SSL Certificate Fetcher enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://www.circl.lu/v2pssl/cfetch/.

  4. In the API user name field, enter your CIRCL user name.

  5. In the API key field, enter your CIRCL API key.

  6. To store your changes, click Save; to discard them, click Cancel.

See also