Can you utilize the intel framework for this type of alerting? I want to alert on client software signed with a certificate containing a particular name or serial.
We aren't quite at the point yet where certificates are parsed out of executables. We are working in that direction though and it *should* be possible in the future do exactly this.
.Seth