![]() \nKey Usage: Digital Signature, Key Encipherment, Sata Encipherment\n\nExtension: Subject Alternative Name (2.5.29.17)\nCritical: 0\DNS: \nDNS: \nDNS: sample3.test. Thank you in advance for your time reading this and any input you might have.īelow is a sample snippet from the Nessus log data containing the SANs as well as the subsearch and regex I'm using for the SAN (certSAN) field extraction. The following example reads from the main dataset and. I think this is a common thing and it may not be possible to do what I'm trying to do, but I wanted to reach out to the community to see if anyone has any suggestions that I can try before I give on on this one. One way Splunk can combine multiple searches at one time is with the append command and a subsearch. I've also seen solutions that suggest edits to the the nf file, but I have not tried that yet. I tried using "format" in my subsearch, but when I use that, I get zero result returned to the main search. I've searched around and have seen some articles asking a very similar question and I've not been able to use any of the proposed solutions successfully. ![]() I understand that by default the subsearch will only return the first value, but I'm trying to find a way to get all of the values over to the main search. ![]() If I run the search as the primary search, it returns all of the applicable values however, when run as a subsearch, it only returns 1 value. I am trying to use a subsearch to extract SSL certificate Subject Alternative Names (SAN) from Nessus scan data and I'm running into the issue with subsearches only returning 1 value in a multi-value field.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |