From 325adad9419957a73486a4b76deb916b35ecb640 Mon Sep 17 00:00:00 2001
From: Mo Zhu <mo@fleetdm.com>
Date: Tue, 20 Sep 2022 11:16:59 -0700
Subject: [PATCH] query for discovering TLS certs (#7797)

* query for discovering TLS certs

* Update standard-query-library.yml

* Use Nabil as the contributor

Co-authored-by: Zach Wasserman <zach@fleetdm.com>

* More accurate description of query purpose

Co-authored-by: Zach Wasserman <zach@fleetdm.com>

Co-authored-by: Zach Wasserman <zach@fleetdm.com>
---
 .../standard-query-library.yml                      | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index a6a5c6b550..16a70cfcce 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -919,4 +919,15 @@ spec:
   platforms: macOS
   tags: compliance, built-in
   platform: darwin
-  contributors: GuillaumeRoss
\ No newline at end of file
+  contributors: GuillaumeRoss
+---
+apiVersion: v1
+kind: query
+spec:
+  name: Discover TLS certificates
+  platforms: Linux, Windows, macOS
+  description: Retrieves metadata about TLS certificates for servers listening on the local machine. Enables mTLS adoption analysis and cert expiration notifications.
+  query: SELECT * FROM curl_certificate WHERE hostname IN (SELECT DISTINCT 'localhost:'||port FROM listening_ports WHERE protocol=6 AND address!='127.0.0.1' AND address!='::1');
+  purpose: Informational
+  tags: network, tls
+  contributors: nabilschear