Transport Layer Security (TLS)
tls
The Transport Layer Security (TLS) object describes the negotiated TLS protocol used for secure communications over an establish network connection.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Client TLS Alert | alert | Integer | The integer value of TLS alert if present. The alerts are defined in the TLS specification in RFC-2246. |
Certificate | certificate | Digital Certificate[] | The certificate object containing information about the digital certificate. |
Certificate Chain | certificate_chain | String[] | The Chain of Certificate Serial Numbers field provides a chain of Certificate Issuer Serial Numbers leading to the Root Certificate Issuer. |
Cipher Suite | cipher | String | The negotiated cipher suite. |
Client Cipher Suites | client_ciphers | String[] | The client cipher suites that were exchanged during the TLS handshake negotiation. |
Extension List | extension_list | TLS Extension[] | The list of TLS extensions.
|
Handshake Duration | handshake_dur | Integer | The amount of total time for the TLS handshake to complete after the TCP connection is established, including client-side delays, in milliseconds. |
JA3 Hash | ja3_hash | Fingerprint[] | Entity: |
JA3S Hash | ja3s_hash | Fingerprint[] | Entity: |
Key Length | key_length | Integer | The length of the encryption key. |
Raw Data | raw_data | JSON | Group: |
Record ID | record_id | String | Group: |
Subject Alternative Names | sans | Subject Alternative Name[] | The list of subject alternative names that are secured by a specific certificate.
|
Server Cipher Suites | server_ciphers | String[] | The server cipher suites that were exchanged during the TLS handshake negotiation. |
Server Name Indication | sni | String | The Server Name Indication (SNI) extension sent by the client. |
TLS Extension List | tls_extension_list | TLS Extension[] | The list of TLS extensions. |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Version | version | String | The TLS protocol version. |
Relationships
Inbound Relationships
These objects and events reference Transport Layer Security (TLS) in their attributes:
- FTP Activity
- RDP Activity
- Airborne Broadcast Activity
- SSH Activity
- Network
- Unmanned Systems
- DHCP Activity
- NTP Activity
- Network Activity
- Web Resource Access Activity
- Drone Flights Activity
- Evidence Artifacts
- Network File Activity
- HTTP Activity
- Tunnel Activity
- Web Resources Activity
- SMB Activity
- DNS Activity
Outbound Relationships
Transport Layer Security (TLS) references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 12 days ago