base/bif/plugins/Zeek_X509.events.bif.zeek¶
-
GLOBAL
¶
- Namespace
GLOBAL
Summary¶
Events¶
Generated for encountered X509 certificates, e.g., in the clear SSL/TLS connection handshake. |
|
Generated for the X509 basic constraints extension seen in a certificate. |
|
Generated for the X509 subject alternative name extension seen in a certificate. |
|
Generated for X509 extensions seen in a certificate. |
|
Generated for the signed_certificate_timestamp X509 extension as defined in RFC 6962. |
Detailed Interface¶
Events¶
-
x509_certificate
¶ - Type
event
(f:fa_file
, cert_ref:opaque
of x509, cert:X509::Certificate
)
Generated for encountered X509 certificates, e.g., in the clear SSL/TLS connection handshake.
See Wikipedia for more information about the X.509 format.
- F
The file.
- Cert_ref
An opaque pointer to the underlying OpenSSL data structure of the certificate.
- Cert
The parsed certificate information.
See also:
x509_extension
,x509_ext_basic_constraints
,x509_ext_subject_alternative_name
,x509_parse
,x509_verify
,x509_get_certificate_string
,x509_ocsp_ext_signed_certificate_timestamp
-
x509_ext_basic_constraints
¶ - Type
event
(f:fa_file
, ext:X509::BasicConstraints
)
Generated for the X509 basic constraints extension seen in a certificate. This extension can be used to identify the subject of a certificate as a CA.
- F
The file.
- Ext
The parsed basic constraints extension.
See also:
x509_certificate
,x509_extension
,x509_ext_subject_alternative_name
,x509_parse
,x509_verify
,x509_get_certificate_string
,x509_ocsp_ext_signed_certificate_timestamp
-
x509_ext_subject_alternative_name
¶ - Type
event
(f:fa_file
, ext:X509::SubjectAlternativeName
)
Generated for the X509 subject alternative name extension seen in a certificate. This extension can be used to allow additional entities to be bound to the subject of the certificate. Usually it is used to specify one or multiple DNS names for which a certificate is valid.
- F
The file.
- Ext
The parsed subject alternative name extension.
See also:
x509_certificate
,x509_extension
,x509_ext_basic_constraints
,x509_parse
,x509_verify
,x509_ocsp_ext_signed_certificate_timestamp
,x509_get_certificate_string
-
x509_extension
¶ - Type
event
(f:fa_file
, ext:X509::Extension
)
Generated for X509 extensions seen in a certificate.
See Wikipedia for more information about the X.509 format.
- F
The file.
- Ext
The parsed extension.
See also:
x509_certificate
,x509_ext_basic_constraints
,x509_ext_subject_alternative_name
,x509_parse
,x509_verify
,x509_get_certificate_string
,x509_ocsp_ext_signed_certificate_timestamp
-
x509_ocsp_ext_signed_certificate_timestamp
¶ - Type
event
(f:fa_file
, version:count
, logid:string
, timestamp:count
, hash_algorithm:count
, signature_algorithm:count
, signature:string
)
Generated for the signed_certificate_timestamp X509 extension as defined in RFC 6962. The extension is used to transmit signed proofs that are used for Certificate Transparency. Raised when the extension is encountered in an X.509 certificate or in an OCSP reply.
- F
The file.
- Version
the version of the protocol to which the SCT conforms. Always should be 0 (representing version 1)
- Logid
32 bit key id
- Timestamp
the NTP Time when the entry was logged measured since the epoch, ignoring leap seconds, in milliseconds.
- Signature_and_hashalgorithm
signature and hash algorithm used for the digitally_signed struct
- Signature
signature part of the digitally_signed struct
See also:
ssl_extension_signed_certificate_timestamp
,x509_extension
,x509_ext_basic_constraints
,x509_parse
,x509_verify
,x509_ext_subject_alternative_name
,x509_get_certificate_string
ssl_extension_signed_certificate_timestamp
,sct_verify
,ocsp_request
,ocsp_request_certificate
,ocsp_response_status
,ocsp_response_bytes
,ocsp_response_certificate
,x509_ocsp_ext_signed_certificate_timestamp