Expand description
This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk.
When the certificate relates to a file, use the fields at file.x509. When hashes of the DER-encoded certificate are available, the hash data set should be populated as well (e.g. file.hash.sha256).
Events that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: tls.server.x509 and/or tls.client.x509.
Constantsยง
- X509_
ALTERNATIVE_ NAMES - List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses.
- X509_
ISSUER_ COMMON_ NAME - List of common name (CN) of issuing certificate authority.
- X509_
ISSUER_ COUNTRY - List of country (C) codes
- X509_
ISSUER_ DISTINGUISHED_ NAME - Distinguished name (DN) of issuing certificate authority.
- X509_
ISSUER_ LOCALITY - List of locality names (L)
- X509_
ISSUER_ ORGANIZATION - List of organizations (O) of issuing certificate authority.
- X509_
ISSUER_ ORGANIZATIONAL_ UNIT - List of organizational units (OU) of issuing certificate authority.
- X509_
ISSUER_ STATE_ OR_ PROVINCE - List of state or province names (ST, S, or P)
- X509_
NOT_ AFTER - Time at which the certificate is no longer considered valid.
- X509_
NOT_ BEFORE - Time at which the certificate is first considered valid.
- X509_
PUBLIC_ KEY_ ALGORITHM - Algorithm used to generate the public key.
- X509_
PUBLIC_ KEY_ CURVE - The curve used by the elliptic curve public key algorithm. This is algorithm specific.
- X509_
PUBLIC_ KEY_ EXPONENT - Exponent used to derive the public key. This is algorithm specific.
- X509_
PUBLIC_ KEY_ SIZE - The size of the public key space in bits.
- X509_
SERIAL_ NUMBER - Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters.
- X509_
SIGNATURE_ ALGORITHM - Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353.
- X509_
SUBJECT_ COMMON_ NAME - List of common names (CN) of subject.
- X509_
SUBJECT_ COUNTRY - List of country (C) code
- X509_
SUBJECT_ DISTINGUISHED_ NAME - Distinguished name (DN) of the certificate subject entity.
- X509_
SUBJECT_ LOCALITY - List of locality names (L)
- X509_
SUBJECT_ ORGANIZATION - List of organizations (O) of subject.
- X509_
SUBJECT_ ORGANIZATIONAL_ UNIT - List of organizational units (OU) of subject.
- X509_
SUBJECT_ STATE_ OR_ PROVINCE - List of state or province names (ST, S, or P)
- X509_
VERSION_ NUMBER - Version of x509 format.