Transport Layer Security (TLS)
tls
The Transport Layer Security (TLS) object describes the negotiated TLS protocol used for secure communications over an establish network connection.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Client TLS Alert | alert | Integer | The integer value of TLS alert if present. The alerts are defined in the TLS specification in RFC-2246. |
| Certificate | certificate | Digital Certificate[] | The certificate object containing information about the digital certificate. |
| Certificate Chain | certificate_chain | String[] | The Chain of Certificate Serial Numbers field provides a chain of Certificate Issuer Serial Numbers leading to the Root Certificate Issuer. |
| Cipher Suite | cipher | String | The negotiated cipher suite. |
| Client Cipher Suites | client_ciphers | String[] | The client cipher suites that were exchanged during the TLS handshake negotiation. |
| Extension List | extension_list | TLS Extension[] | The list of TLS extensions.
|
| Handshake Duration | handshake_dur | Integer | The amount of total time for the TLS handshake to complete after the TCP connection is established, including client-side delays, in milliseconds. |
| JA3 Hash | ja3_hash | Fingerprint[] | Entity: |
| JA3S Hash | ja3s_hash | Fingerprint[] | Entity: |
| Key Length | key_length | Integer | The length of the encryption key. |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Subject Alternative Names | sans | Subject Alternative Name[] | The list of subject alternative names that are secured by a specific certificate.
|
| Server Cipher Suites | server_ciphers | String[] | The server cipher suites that were exchanged during the TLS handshake negotiation. |
| Server Name Indication | sni | String | The Server Name Indication (SNI) extension sent by the client. |
| TLS Extension List | tls_extension_list | TLS Extension[] | The list of TLS extensions. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The TLS protocol version. |
Relationships
Inbound Relationships
These objects and events reference Transport Layer Security (TLS) in their attributes:
- FTP Activity
- RDP Activity
- Airborne Broadcast Activity
- SSH Activity
- Network
- Unmanned Systems
- DHCP Activity
- NTP Activity
- Network Activity
- Web Resource Access Activity
- Drone Flights Activity
- Evidence Artifacts
- Network File Activity
- HTTP Activity
- Tunnel Activity
- Web Resources Activity
- SMB Activity
- DNS Activity
Outbound Relationships
Transport Layer Security (TLS) references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 6 months ago