Transport Layer Security (TLS)

tls

The Transport Layer Security (TLS) object describes the negotiated TLS protocol used for secure communications over an established network connection.

Attributes

| Caption | Name | Type | Description |
| --- | --- | --- | --- |
| Client TLS Alert | alert | Integer | The integer value of TLS alert if present. The alerts are defined in the TLS specification in RFC-2246. |
| Certificate | certificate | Digital Certificate[] | The certificate object containing information about the digital certificate. |
| Certificate Chain | certificate_chain | String[] | The Chain of Certificate Serial Numbers field provides a chain of Certificate Issuer Serial Numbers leading to the Root Certificate Issuer. |
| Cipher Suite | cipher | String | The negotiated cipher suite. |
| Client Cipher Suites | client_ciphers | String[] | The client cipher suites that were exchanged during the TLS handshake negotiation. |
| Extension List | extension_list | TLS Extension[] | The list of TLS extensions. 🚧 WARNING: DEPRECATED. Extension List has been deprecated since 1.1.0. Use the tls_extension_list attribute instead. |
| Handshake Duration | handshake_dur | Integer | The amount of total time for the TLS handshake to complete after the TCP connection is established, including client-side delays, in milliseconds. |
| JA3 Hash | ja3_hash | Fingerprint[] | Entity: FINGERPRINT. The MD5 hash of a JA3 string. |
| JA3S Hash | ja3s_hash | Fingerprint[] | Entity: FINGERPRINT. The MD5 hash of a JA3S string. |
| Key Length | key_length | Integer | The length of the encryption key. |
| Raw Data | raw_data | JSON | Group: context. The event data as received from the event source. |
| Record ID | record_id | String | Group: primary. Unique identifier for the object. |
| Subject Alternative Names | sans | Subject Alternative Name[] | The list of subject alternative names that are secured by a specific certificate. 🚧 WARNING: DEPRECATED. Subject Alternative Names has been deprecated since 1.4.0. Use tls.certificate.sans attribute instead. |
| Server Cipher Suites | server_ciphers | String[] | The server cipher suites that were exchanged during the TLS handshake negotiation. |
| Server Name Indication | sni | String | The Server Name Indication (SNI) extension sent by the client. |
| TLS Extension List | tls_extension_list | TLS Extension[] | The list of TLS extensions. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Version | version | String | The TLS protocol version. |

Relationships

Transport Layer Security (TLS) shown in context

Inbound Relationships

These objects and events reference Transport Layer Security (TLS) in their attributes:

Outbound Relationships

Transport Layer Security (TLS) references the following objects and events in its attributes:

This page describes ocsf-1.4.0