The Austrian Energy CERT and the GovCERT Austria monitor the Certificate Transparency Logs ("CTL") for their constituents' domains. These Logs contain any newly issued server certificates and monitoring those lists allows for timely detection of abuse. Our processing chain of this data involves several steps which can be useful for other CERTs and security teams. Our experience gained on the processing of this kind of data as well as code will also be incorporated in the further development of IntelMQ.

The tools are published on our GitHub page.

This blog post is part of a series of blog posts related to our CEF Telecom 2018-AT-IA-0111 project, which also supports our participation in the CSIRTs Network.