Class: Tls
The Transport Layer Security (TLS) object describes the negotiated TLS protocol
used for secure communications over an establish network connection.
URI: ocsf:Tls
classDiagram
class Tls
click Tls href "../Tls/"
Object <|-- Tls
click Object href "../Object/"
Tls : alert
Tls : certificate
Tls --> "0..1 _recommended_" Certificate : certificate
click Certificate href "../Certificate/"
Tls : certificate_chain
Tls : cipher
Tls : client_ciphers
Tls : extension_list
Tls --> "*" TlsExtension : extension_list
click TlsExtension href "../TlsExtension/"
Tls : handshake_dur
Tls : ja3_hash
Tls --> "0..1 _recommended_" Fingerprint : ja3_hash
click Fingerprint href "../Fingerprint/"
Tls : ja3s_hash
Tls --> "0..1 _recommended_" Fingerprint : ja3s_hash
click Fingerprint href "../Fingerprint/"
Tls : key_length
Tls : sans
Tls --> "*" San : sans
click San href "../San/"
Tls : server_ciphers
Tls : sni
Tls : tls_extension_list
Tls --> "*" TlsExtension : tls_extension_list
click TlsExtension href "../TlsExtension/"
Tls : version
Inheritance
- OcsfObject
- Object
- Tls
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| alert | 0..1 Integer |
The integer value of TLS alert if present | direct |
| certificate | 0..1 recommended Certificate |
The certificate object containing information about the digital certificate | direct |
| certificate_chain | * recommended String |
The Chain of Certificate Serial Numbers field provides a chain of Certificate | direct |
| cipher | 0..1 recommended String |
The negotiated cipher suite | direct |
| client_ciphers | * recommended String |
The client cipher suites that were exchanged during the TLS handshake | direct |
| extension_list | * TlsExtension |
The list of TLS extensions | direct |
| handshake_dur | 0..1 Integer |
The amount of total time for the TLS handshake to complete after the TCP | direct |
| ja3_hash | 0..1 recommended Fingerprint |
The MD5 hash of a JA3 string | direct |
| ja3s_hash | 0..1 recommended Fingerprint |
The MD5 hash of a JA3S string | direct |
| key_length | 0..1 Integer |
The length of the encryption key | direct |
| sans | * San |
The list of subject alternative names that are secured by a specific | direct |
| server_ciphers | * String |
The server cipher suites that were exchanged during the TLS handshake | direct |
| sni | 0..1 recommended String |
The Server Name Indication (SNI) extension sent by the client | direct |
| tls_extension_list | * TlsExtension |
The list of TLS extensions | direct |
| version | 1 String |
The TLS protocol version | direct |
Usages
In Subsets
Aliases
- Transport Layer Security (TLS)
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Tls |
| native | ocsf:Tls |
LinkML Source
Direct
name: Tls
description: 'The Transport Layer Security (TLS) object describes the negotiated TLS
protocol
used for secure communications over an establish network connection.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Transport Layer Security (TLS)
is_a: Object
slots:
- alert
- certificate
- certificate_chain
- cipher
- client_ciphers
- extension_list
- handshake_dur
- ja3_hash
- ja3s_hash
- key_length
- sans
- server_ciphers
- sni
- tls_extension_list
- version
slot_usage:
certificate:
name: certificate
recommended: true
certificate_chain:
name: certificate_chain
recommended: true
cipher:
name: cipher
recommended: true
client_ciphers:
name: client_ciphers
recommended: true
ja3_hash:
name: ja3_hash
recommended: true
ja3s_hash:
name: ja3s_hash
recommended: true
sans:
name: sans
deprecated: Use <code>tls.certificate.sans</code> attribute instead.
sni:
name: sni
recommended: true
version:
name: version
description: The TLS protocol version.
required: true
Induced
name: Tls
description: 'The Transport Layer Security (TLS) object describes the negotiated TLS
protocol
used for secure communications over an establish network connection.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Transport Layer Security (TLS)
is_a: Object
slot_usage:
certificate:
name: certificate
recommended: true
certificate_chain:
name: certificate_chain
recommended: true
cipher:
name: cipher
recommended: true
client_ciphers:
name: client_ciphers
recommended: true
ja3_hash:
name: ja3_hash
recommended: true
ja3s_hash:
name: ja3s_hash
recommended: true
sans:
name: sans
deprecated: Use <code>tls.certificate.sans</code> attribute instead.
sni:
name: sni
recommended: true
version:
name: version
description: The TLS protocol version.
required: true
attributes:
alert:
name: alert
description: 'The integer value of TLS alert if present. The alerts are defined
in the TLS
specification in <a target=''_blank''
href=''https://datatracker.ietf.org/doc/html/rfc2246''>RFC-2246</a>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Client TLS Alert
rank: 1000
alias: alert
owner: Tls
domain_of:
- Tls
range: integer
certificate:
name: certificate
description: The certificate object containing information about the digital certificate.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Certificate
rank: 1000
alias: certificate
owner: Tls
domain_of:
- Sso
- Tls
- DigitalSignature
- Authentication
range: Certificate
recommended: true
certificate_chain:
name: certificate_chain
description: 'The Chain of Certificate Serial Numbers field provides a chain of
Certificate
Issuer Serial Numbers leading to the Root Certificate Issuer.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Certificate Chain
rank: 1000
alias: certificate_chain
owner: Tls
domain_of:
- Tls
- RdpActivity
range: string
recommended: true
multivalued: true
cipher:
name: cipher
description: The negotiated cipher suite.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Cipher Suite
rank: 1000
alias: cipher
owner: Tls
domain_of:
- Tls
range: string
recommended: true
client_ciphers:
name: client_ciphers
description: 'The client cipher suites that were exchanged during the TLS handshake
negotiation.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Client Cipher Suites
rank: 1000
alias: client_ciphers
owner: Tls
domain_of:
- Tls
range: string
recommended: true
multivalued: true
extension_list:
name: extension_list
description: The list of TLS extensions.
deprecated: Use the <code>tls_extension_list</code> attribute instead. (since
1.1.0)
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Extension List
rank: 1000
alias: extension_list
owner: Tls
domain_of:
- Tls
range: TlsExtension
multivalued: true
handshake_dur:
name: handshake_dur
description: 'The amount of total time for the TLS handshake to complete after
the TCP
connection is established, including client-side delays, in milliseconds.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Handshake Duration
rank: 1000
alias: handshake_dur
owner: Tls
domain_of:
- Tls
range: integer
ja3_hash:
name: ja3_hash
description: The MD5 hash of a JA3 string.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- JA3 Hash
rank: 1000
alias: ja3_hash
owner: Tls
domain_of:
- Tls
range: Fingerprint
recommended: true
ja3s_hash:
name: ja3s_hash
description: The MD5 hash of a JA3S string.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- JA3S Hash
rank: 1000
alias: ja3s_hash
owner: Tls
domain_of:
- Tls
range: Fingerprint
recommended: true
key_length:
name: key_length
description: The length of the encryption key.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Key Length
rank: 1000
alias: key_length
owner: Tls
domain_of:
- Tls
- EncryptionDetails
range: integer
sans:
name: sans
description: 'The list of subject alternative names that are secured by a specific
certificate.'
deprecated: Use <code>tls.certificate.sans</code> attribute instead.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Subject Alternative Names
rank: 1000
alias: sans
owner: Tls
domain_of:
- Tls
- Certificate
range: San
multivalued: true
server_ciphers:
name: server_ciphers
description: 'The server cipher suites that were exchanged during the TLS handshake
negotiation.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Server Cipher Suites
rank: 1000
alias: server_ciphers
owner: Tls
domain_of:
- Tls
range: string
multivalued: true
sni:
name: sni
description: ' The Server Name Indication (SNI) extension sent by the client.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Server Name Indication
rank: 1000
alias: sni
owner: Tls
domain_of:
- Tls
range: string
recommended: true
tls_extension_list:
name: tls_extension_list
description: The list of TLS extensions.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- TLS Extension List
rank: 1000
alias: tls_extension_list
owner: Tls
domain_of:
- Tls
range: TlsExtension
multivalued: true
version:
name: version
description: The TLS protocol version.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Version
rank: 1000
alias: version
owner: Tls
domain_of:
- Os
- Package
- RpcInterface
- Sbom
- Scim
- SoftwareComponent
- Tls
- Agent
- AiModel
- Analytic
- Api
- ApplicationObject
- Attack
- Certificate
- Check
- CisControl
- CisCsc
- Cvss
- D3fend
- Databucket
- Epss
- Extension
- Feature
- File
- HttpRequest
- Logger
- ManagedEntity
- Metadata
- Policy
- Product
- ResourceDetails
- Rule
- Service
- NtpActivity
range: string
required: true