Transport Layer Security (TLS)
The Transport Layer Security (TLS) object describes the negotiated TLS protocol used for secure communications over an establish network connection.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Client TLS Alert | alert |
Integer | The integer value of TLS alert if present. The alerts are defined in the TLS specification in RFC-2246. |
Certificate | certificate |
Digital Certificate[] | The certificate object containing information about the digital certificate. |
Certificate Chain | certificate_chain |
String[] | The Chain of Certificate Serial Numbers field provides a chain of Certificate Issuer Serial Numbers leading to the Root Certificate Issuer. |
Cipher Suite | cipher |
String | The negotiated cipher suite. |
Client Cipher Suites | client_ciphers |
String[] | The client cipher suites that were exchanged during the TLS handshake negotiation. |
Extension List | extension_list |
TLS Extension[] |
The list of TLS extensions.
|
Handshake Duration | handshake_dur |
Integer | The amount of total time for the TLS handshake to complete after the TCP connection is established, including client-side delays, in milliseconds. |
JA3 Fingerprint | ja3_fingerprint |
Fingerprint[] |
The fingerprint of JA3 string.
|
JA3 Hash | ja3_hash |
Fingerprint[] | The MD5 hash of a JA3 string. |
JA3 String | ja3_string |
String |
The JA3 string.
|
JAS3 Fingerprint | ja3s_fingerprint |
Fingerprint[] |
The fingerprint of JAS3 string.
|
JA3S Hash | ja3s_hash |
Fingerprint[] | The MD5 hash of a JA3S string. |
JAS3 String | ja3s_string |
String |
The JAS3 string.
|
Key Length | key_length |
Integer | The length of the encryption key. |
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Subject Alternative Names | sans |
Subject Alternative Name[] | The list of subject alternative names that are secured by a specific certificate. |
Server Cipher Suites | server_ciphers |
String[] | The server cipher suites that were exchanged during the TLS handshake negotiation. |
Server Name Indication | sni |
String | The Server Name Indication (SNI) extension sent by the client. |
TLS Extension List | tls_extension_list |
TLS Extension[] | The list of TLS extensions. |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Version | version |
String | The TLS protocol version. |
Relationships
Inbound Relationships
These objects and events reference Transport Layer Security (TLS) in their attributes:
- SSH Activity
- Network Activity
- Network File Activity
- RDP Activity
- Network
- SMB Activity
- Web Resources Activity
- Tunnel Activity
- HTTP Activity
- FTP Activity
- NTP Activity
- DHCP Activity
- DNS Activity
- Web Resource Access Activity
Outbound Relationships
Transport Layer Security (TLS) references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 2 months ago