Hi Tarun,
Thank you for the detailed inputs.
I have a few follow-up questions to understand the correct approach before we proceed further across the estate.
Do we know since when the process moved from STID:WRAPPER / STID:RENEW:WRAPPER to PEM:PISABASEID? Also, do we have the exact documented steps for the PEM:PISABASEID based renewal process? I found something similar here for reference:
For estate-wide validation, do we have any specific command or known check to confirm whether a host is correctly using PEM:PISABASEID? For STID:WRAPPER, I am currently using the below command/check, but when I try a similar check for PEM:PISABASEID, it does not return anything.
<add your wrapper command/check here>
Do we already have any provision or arrangement available to scan the estate for this? If not, could you please advise the exact Tanium command/query we should use to identify hosts with STID:WRAPPER, STID:RENEW:WRAPPER, and PEM:PISABASEID?
I also have two sample hosts with me for comparison:
- Host where PEM:PISABASEID is not listed, but the DB/GI certificates are valid.
- Host where STID:WRAPPER is invalid, and the DB/GI certificates are also invalid.
Could you please help confirm the expected state for such hosts and the correct remediation path?
Regards,
Nikhil
0 comments:
Post a Comment