locked
PKI Certificate Validation MP - exclude discovery with wildcard RRS feed

  • Question

  • Posting here because the threads in SystemCenterCentral appear to be dead.

    I have the PKI Certificate Validation MP and it's great. In fact it's a little too good. We have certificates that are generated and expire on a 24hr basis. Which cause huge numbers of tickets to be created by SCOM.  I've tried doing a dynamic group containing the string 'P2P' in the issuer field and disabling alerting on that group. Which only works some of the time. I suspect that the initial discovery of the group happens, then the evaluation of lifespan occurs and alerts before the exclusion group is populated.

    What I need to do is stop these being discovered in the first place. Which means overriding the Discovery 'Discovery of local computer's certificate store "My / Personal" (registry)' - I think. Then modifying the Parameter 'Issuer Filter - Exclude (RegEx)'.

    What I don't know is how to populate this with a wildcard as the Issuer of these certificates contains the year as part of its string - eg CN=MS-Organization-P2P-Access [2018]. In fact I don't really know whether I should be replacing the current value ^$ or appending my string to that.

    Can anybody enlighten me?

    Monday, December 31, 2018 2:16 PM

Answers

All replies