
Zeek SSL

Zeek ssl.log

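SSL/TLS handshake information recorded by Zeek in ssl.log. The sample below is the event as shipped by the Filebeat zeek module, with the original Zeek fields under `zeek.ssl` and their ECS equivalents under `tls`.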

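Failed to Establish TLS Session

In this sample `tls.established` is `false`, meaning the handshake did not complete. The recorded cipher, `TLS_ECDH_ANON_WITH_AES_256_CBC_SHA`, is an anonymous key-exchange suite: it involves no certificate, so the server is not authenticated. When reviewing ssl.log, an anonymous suite is worth flagging on its own, whether or not the session was established. Both endpoints here are 127.0.0.1, so this event is loopback traffic on the sensor itself.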

{
    "@timestamp": "2021-01-18T19:19:19.760Z",
    "agent": {
        "hostname": "sensor-dev",
        "name": "sensor-dev",
        "id": "6bf5192e-e2f1-49bb-ab7a-c04c26381e7e",
        "ephemeral_id": "9b5aa2d4-1b54-4c25-bd2d-61cd592d34f4",
        "type": "filebeat",
        "version": "7.9.2"
    },
    "client": {
        "address": "127.0.0.1"
    },
    "destination": {
        "address": "127.0.0.1",
        "port": 47763,
        "ip": "127.0.0.1"
    },
    "ecs": {
        "version": "1.5.0"
    },
    "event": {
        "kind": [
            "connection",
            "protocol"
        ],
        "created": "2021-01-18T19:35:11.917623174Z",
        "module": "zeek",
        "id": "CgJFJV0S7TpYJkc1e",
        "category": [
            "network"
        ],
        "dataset": "zeek.ssl"
    },
    "fields": {
        "originating_agent_tag": "sensordev_agt"
    },
    "fileset": {
        "name": "ssl"
    },
    "host": {
        "name": "sensor-dev"
    },
    "input": {
        "type": "log"
    },
    "log": {
        "file": {
            "path": "/opt/dynamite/zeek/logs/current/ssl.log"
        },
        "offset": 0
    },
    "network": {
        "community_id": "1:MIn0vYshYL45/ZjBgofGuA/a4fY=",
        "transport": "tcp"
    },
    "related": {
        "ip": [
            "127.0.0.1",
            "127.0.0.1"
        ]
    },
    "server": {
        "address": "127.0.0.1"
    },
    "service": {
        "type": "zeek"
    },
    "source": {
        "address": "127.0.0.1",
        "port": 60872,
        "ip": "127.0.0.1"
    },
    "tags": [
        "zeek.ssl"
    ],
    "tls": {
        "cipher": "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA",
        "established": false,
        "curve": "secp384r1",
        "resumed": false,
        "version": "1.2",
        "version_protocol": "tls"
    },
    "zeek": {
        "session_id": "CgJFJV0S7TpYJkc1e",
        "ssl": {
            "cipher": "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA",
            "established": false,
            "community_id": "1:MIn0vYshYL45/ZjBgofGuA/a4fY=",
            "curve": "secp384r1",
            "resumed": false,
            "version": "TLSv12"
        }
    }
}