02-13-2022 05:56 PM
hey Experts -
This is regarding Certificate Inventory management. I am trying to create an Incident through Event Management; however, when I am getting events there is no distinguishing filter to determine if that certificate is self-signed or external. The consultants are suggesting doing scripting to get the self-signed or external status. However, I am wondering whether this information should already be there in the certificates that Discovery discovers in the first place. Please suggest the best way to avoid this scripting. Thank you!!! (The concealed part is an alphanumeric fingerprint.)
Labels: Orchestration (ITOM)
02-15-2022 11:42 PM
Hi Ashi,
This should do the trick - copied the ootb Create Incident flow, and added a "Look Up Records" action to find a certificate which matches the sysid of the CI on the alert and is self-signed.
The if condition on the next step checks if the Count returned by the Look Up Records action is greater than 0. If yes, then it means the certificate was found and it is a self-signed cert, so the flow is stopped.
02-14-2022 09:51 AM
You can use the Renewal Tracking field to effectively govern the policies for TLS certificates. If you set the field to "Do not create renewal tasks", automated lifecycle tracking workflows will ignore the renewal notifications.
In the cmdb_ci_certificate table, you will see the is_self_signed and is_ca attributes. You can use them for Business Rule creation.
02-15-2022 05:05 AM
02-15-2022 04:52 AM
Hi Ashi,
When you discover the certificate, the certificate CI record created has a flag to indicate whether it's self-signed or not. When the event is created, the out-of-the-box event rules will trigger an alert, and that alert will be bound to the certificate CI.
So, if the target is to trigger some logic based on whether it's an external or self-signed certificate, it can be achieved without scripting if you use flows and alert management rules.
- Create an alert management rule which handles the certificate expired alert
- Create a subflow which creates an incident from an alert (copy and modify the out of the box flow)
- Customise the flow to read the "Is Self Signed" field on the CI associated to the alert and perform any logic required (e.g. adding "External" or "Self-signed" to the incident description)
- Save and activate the alert management rule with the linked subflow.
Screenshots
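The accepted solution and the four steps above describe the same decision: look up the certificate CI bound to the alert in cmdb_ci_certificate, check its self-signed flag, and either stop the flow or create the incident with an "External" / "Self-signed" tag. The following is an added example, not ServiceNow's code and not the flow from the screenshots: it models that Look Up Records step and If condition in plain JavaScript over constructed in-memory tables so the logic can be run and tested offline. Only the table and field names (cmdb_ci_certificate, is_self_signed, is_ca) come from the thread; the record shapes, alert numbers, sys_ids and fingerprints are assumptions. On the platform the same filter would be a GlideRecord query (or the flow's Look Up Records action) against cmdb_ci_certificate with the same two conditions.

```javascript
// Added example (not ServiceNow's or the poster's code). Models the flow's
// "Look Up Records" action and the following If condition over constructed data.

// Constructed sample rows standing in for cmdb_ci_certificate.
// Fingerprints are placeholders, not real values.
const certificates = [
  { sys_id: 'cert-0001', name: 'intranet.example.test', is_self_signed: true,  is_ca: false, fingerprint: 'PLACEHOLDER-FP-1' },
  { sys_id: 'cert-0002', name: 'shop.example.test',     is_self_signed: false, is_ca: false, fingerprint: 'PLACEHOLDER-FP-2' },
  { sys_id: 'cert-0003', name: 'Corp Root CA',          is_self_signed: true,  is_ca: true,  fingerprint: 'PLACEHOLDER-FP-3' },
];

// Constructed sample alerts; cmdb_ci is the certificate CI the alert is bound to.
// The last alert points at a CI that is not in the inventory (the failure mode worth handling).
const alerts = [
  { number: 'Alert0000101', cmdb_ci: 'cert-0001', description: 'Certificate expired' },
  { number: 'Alert0000102', cmdb_ci: 'cert-0002', description: 'Certificate expired' },
  { number: 'Alert0000103', cmdb_ci: 'cert-0003', description: 'Certificate expired' },
  { number: 'Alert0000104', cmdb_ci: 'cert-9999', description: 'Certificate expired' },
];

// Equivalent of the Look Up Records action: rows whose sys_id matches the alert's CI
// and whose is_self_signed flag is true. The flow's "Count" is the length of the result.
function lookUpSelfSignedCert(certTable, ciSysId) {
  return certTable.filter((c) => c.sys_id === ciSysId && c.is_self_signed === true);
}

// Text added to the incident description, as suggested in the steps above.
// is_ca is appended so a self-signed root is distinguishable from a leaf certificate.
function classifyCert(cert) {
  if (!cert) return 'Unknown';                 // CI not found in cmdb_ci_certificate
  const base = cert.is_self_signed ? 'Self-signed' : 'External';
  return cert.is_ca ? `${base} (CA)` : base;
}

// The If condition: Count > 0 means the CI is a self-signed certificate, so stop;
// otherwise continue and create the incident. Note that a CI missing from the
// inventory also yields Count = 0 and therefore an incident, flagged here as 'Unknown'
// so an operator can see the inventory gap rather than assuming the cert is external.
function decideAction(certTable, alert) {
  const matches = lookUpSelfSignedCert(certTable, alert.cmdb_ci);
  if (matches.length > 0) {
    return { alert: alert.number, action: 'stop', reason: 'self-signed certificate' };
  }
  const cert = certTable.find((c) => c.sys_id === alert.cmdb_ci);
  const classification = classifyCert(cert);
  return {
    alert: alert.number,
    action: 'create_incident',
    classification,
    short_description: `${classification} certificate expired: ${cert ? cert.name : alert.cmdb_ci}`,
  };
}

// Run the decision for every alert, as the alert management rule would per alert.
function processAlerts(certTable, alertTable) {
  return alertTable.map((a) => decideAction(certTable, a));
}

// Stand-alone run: prints one decision per constructed alert.
for (const result of processAlerts(certificates, alerts)) {
  console.log(JSON.stringify(result));
}
```

In the flow itself the two conditions of lookUpSelfSignedCert become the Look Up Records filter (Sys ID is the alert's Configuration Item, Is Self Signed is true) and the If step compares the action's Count output with 0; the 'Unknown' branch is the case to watch, because an alert whose CI was never discovered will otherwise silently be treated as external.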
02-15-2022 03:22 PM
Adz - I got your point up to the alert rule, but when I go to Flow Designer I get stuck on which table I should pick to get the filters out. Plus, I am trying to create an incident for a not self-signed expired certificate. Can you please help me with the table and input for unique certificates? I was wondering why we would even need Event Management in the first place.