Closed gerhard-tinned closed 1 year ago
AGWA
commented
7 years ago This is not currently possible, but I can see the utility.
To be clear, do you want to know which identifiers in the certificate matched, or do you want to know which watchlist entries matched? The former would be easier to implement.
gerhard-tinned
commented
7 years ago The watchlist entry (entries) would be the interesting information. The watchlist entry is the identifying information for the notification sent out.
gerhard-tinned
commented
7 years ago Is there any update for If and when this will be implemented?
AGWA
commented
1 year ago As of v0.15.0, certspotter sets $WATCH_ITEM containing the first item from the watch list which matched the certificate.
When writing a script for the -script option, I noticed that there are many details about the CT and the certificate. I was wondering if there is a variable to identify the matching search therms from the watchlist.
Example: I have multiple search terms in the watchlist. When I get a script call, I would like to know which search term was triggering it to trigger the correct actions in the script (e.g. notify the correct people, ...)
How could this be done? Is there a variable I did not see documented in Issue #11.