base/bif/plugins/Bro_X509.events.bif.bro¶
-
GLOBAL¶
| Namespace: | GLOBAL |
|---|---|
| Source File: | /scripts/base/bif/plugins/Bro_X509.events.bif.bro |
Summary¶
Events¶
x509_certificate: event |
Generated for encountered X509 certificates, e.g., in the clear SSL/TLS connection handshake. |
x509_ext_basic_constraints: event |
Generated for the X509 basic constraints extension seen in a certificate. |
x509_ext_subject_alternative_name: event |
Generated for the X509 subject alternative name extension seen in a certificate. |
x509_extension: event |
Generated for X509 extensions seen in a certificate. |
x509_ocsp_ext_signed_certificate_timestamp: event |
Generated for the signed_certificate_timestamp X509 extension as defined in RFC 6962. |
Detailed Interface¶
Events¶
-
x509_certificate¶ Type: event(f:fa_file, cert_ref:opaqueof x509, cert:X509::Certificate)Generated for encountered X509 certificates, e.g., in the clear SSL/TLS connection handshake.
See Wikipedia for more information about the X.509 format.
F: The file. Cert_ref: An opaque pointer to the underlying OpenSSL data structure of the certificate. Cert: The parsed certificate information. See also:
x509_extension,x509_ext_basic_constraints,x509_ext_subject_alternative_name,x509_parse,x509_verify,x509_get_certificate_string,x509_ocsp_ext_signed_certificate_timestamp
-
x509_ext_basic_constraints¶ Type: event(f:fa_file, ext:X509::BasicConstraints)Generated for the X509 basic constraints extension seen in a certificate. This extension can be used to identify the subject of a certificate as a CA.
F: The file. Ext: The parsed basic constraints extension. See also:
x509_certificate,x509_extension,x509_ext_subject_alternative_name,x509_parse,x509_verify,x509_get_certificate_string,x509_ocsp_ext_signed_certificate_timestamp
-
x509_ext_subject_alternative_name¶ Type: event(f:fa_file, ext:X509::SubjectAlternativeName)Generated for the X509 subject alternative name extension seen in a certificate. This extension can be used to allow additional entities to be bound to the subject of the certificate. Usually it is used to specify one or multiple DNS names for which a certificate is valid.
F: The file. Ext: The parsed subject alternative name extension. See also:
x509_certificate,x509_extension,x509_ext_basic_constraints,x509_parse,x509_verify,x509_ocsp_ext_signed_certificate_timestamp,x509_get_certificate_string
-
x509_extension¶ Type: event(f:fa_file, ext:X509::Extension)Generated for X509 extensions seen in a certificate.
See Wikipedia for more information about the X.509 format.
F: The file. Ext: The parsed extension. See also:
x509_certificate,x509_ext_basic_constraints,x509_ext_subject_alternative_name,x509_parse,x509_verify,x509_get_certificate_string,x509_ocsp_ext_signed_certificate_timestamp
-
x509_ocsp_ext_signed_certificate_timestamp¶ Type: event(f:fa_file, version:count, logid:string, timestamp:count, hash_algorithm:count, signature_algorithm:count, signature:string)Generated for the signed_certificate_timestamp X509 extension as defined in RFC 6962. The extension is used to transmit signed proofs that are used for Certificate Transparency. Raised when the extension is encountered in an X.509 certificate or in an OCSP reply.
F: The file. Version: the version of the protocol to which the SCT conforms. Always should be 0 (representing version 1) Logid: 32 bit key id Timestamp: the NTP Time when the entry was logged measured since the epoch, ignoring leap seconds, in milliseconds. Signature_and_hashalgorithm: signature and hash algorithm used for the digitally_signed struct Signature: signature part of the digitally_signed struct See also:
ssl_extension_signed_certificate_timestamp,x509_extension,x509_ext_basic_constraints,x509_parse,x509_verify,x509_ext_subject_alternative_name,x509_get_certificate_stringssl_extension_signed_certificate_timestamp,sct_verify,ocsp_request,ocsp_request_certificate,ocsp_response_status,ocsp_response_bytes,ocsp_response_certificate,x509_ocsp_ext_signed_certificate_timestamp
