mismatched ssl detection + ssl template updates (#5256)

* mismatched ssl detection + ssl template updates

* misc fix

ssl/deprecated-tls.yaml

@@ -16,8 +16,8 @@ info:
 
 ssl:
   - address: "{{Host}}:{{Port}}"
-    min_version: sslv3
-    max_version: sslv3
+    min_version: ssl30
+    max_version: ssl30
 
     extractors:
       - type: json

ssl/detect-ssl-issuer.yaml

@@ -1,4 +1,4 @@
-id: detect-ssl-issuer
+id: ssl-issuer
 
 info:
   name: Detect SSL Certificate Issuer
@@ -12,4 +12,4 @@ ssl:
     extractors:
       - type: json
         json:
-          - " .issuer_organization[]"
+          - " .issuer_org[]"

ssl/expired-ssl.yaml

@@ -8,7 +8,13 @@ info:
 
 ssl:
   - address: "{{Host}}:{{Port}}"
+
     matchers:
       - type: dsl
         dsl:
-          - "unixtime() > not_after"
+          - "expired == true"
+
+    extractors:
+      - type: kval
+        kval:
+          - "not_after"

ssl/mismatched-ssl.yaml

@@ -0,0 +1,15 @@
+id: mismatched-ssl
+
+info:
+  name: Mismatched SSL Certificate
+  author: pdteam
+  severity: low
+  tags: ssl
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "mismatched == true"

ssl/self-signed-ssl.yaml

@@ -9,20 +9,7 @@ info:
 ssl:
   - address: "{{Host}}:{{Port}}"
 
-    extractors:
-      - type: json
-        name: common_name
-        json:
-          - ".common_name[]"
-        internal: true
-
-      - type: json
-        name: issuer_common_name
-        json:
-          - ".issuer_common_name[]"
-        internal: true
-
     matchers:
       - type: dsl
         dsl:
-          - "common_name == issuer_common_name"
+          - "self_signed == true"

ssl/ssl-dns-names.yaml

@@ -12,4 +12,4 @@ ssl:
     extractors:
       - type: json
         json:
-          - " .dns_names[]"
+          - ".subject_an[]"

ssl/tls-version.yaml

@@ -12,4 +12,4 @@ ssl:
     extractors:
       - type: json
         json:
-          - " .tls_version"
+          - ".tls_version"