Transport Layer Security (TLS)

The Transport Layer Security (TLS) object describes the negotiated TLS protocol used for secure communications over an establish network connection.

Attributes

Caption	Name	Type	Description
Client TLS Alert	`alert`	Integer	The integer value of TLS alert if present. The alerts are defined in the TLS specification in RFC-2246.
Certificate	`certificate`	Digital Certificate[]	The certificate object containing information about the digital certificate.
Certificate Chain	`certificate_chain`	String[]	The Chain of Certificate Serial Numbers field provides a chain of Certificate Issuer Serial Numbers leading to the Root Certificate Issuer.
Cipher Suite	`cipher`	String	The negotiated cipher suite.
Client Cipher Suites	`client_ciphers`	String[]	The client cipher suites that were exchanged during the TLS handshake negotiation.
Extension List	`extension_list`	TLS Extension[]	The list of TLS extensions. 🚧 WARNING: DEPRECATED Extension List has been deprecated since 1.1.0. Use the `tls_extension_list` attribute instead.
Handshake Duration	`handshake_dur`	Integer	The amount of total time for the TLS handshake to complete after the TCP connection is established, including client-side delays, in milliseconds.
JA3 Fingerprint	`ja3_fingerprint`	Fingerprint[]	The fingerprint of JA3 string. 🚧 WARNING: DEPRECATED JA3 Fingerprint has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
JA3 Hash	`ja3_hash`	Fingerprint[]	The MD5 hash of a JA3 string.
JA3 String	`ja3_string`	String	The JA3 string. 🚧 WARNING: DEPRECATED JA3 String has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
JAS3 Fingerprint	`ja3s_fingerprint`	Fingerprint[]	The fingerprint of JAS3 string. 🚧 WARNING: DEPRECATED JAS3 Fingerprint has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
JA3S Hash	`ja3s_hash`	Fingerprint[]	The MD5 hash of a JA3S string.
JAS3 String	`ja3s_string`	String	The JAS3 string. 🚧 WARNING: DEPRECATED JAS3 String has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Key Length	`key_length`	Integer	The length of the encryption key.
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Record ID	`record_id`	String	Unique identifier for the object
Subject Alternative Names	`sans`	Subject Alternative Name[]	The list of subject alternative names that are secured by a specific certificate.
Server Cipher Suites	`server_ciphers`	String[]	The server cipher suites that were exchanged during the TLS handshake negotiation.
Server Name Indication	`sni`	String	The Server Name Indication (SNI) extension sent by the client.
TLS Extension List	`tls_extension_list`	TLS Extension[]	The list of TLS extensions.
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Version	`version`	String	The TLS protocol version.

Relationships

Inbound Relationships

These objects and events reference Transport Layer Security (TLS) in their attributes:

Outbound Relationships

Transport Layer Security (TLS) references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0