Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify where to place x509 field set #1044

Closed
andrewkroh opened this issue Oct 22, 2020 · 1 comment · Fixed by #1114
Closed

Clarify where to place x509 field set #1044

andrewkroh opened this issue Oct 22, 2020 · 1 comment · Fixed by #1114
Labels
1.7.0 1.8.0 bug Something isn't working ready Issues we'd like to address in the future.

Comments

@andrewkroh
Copy link
Member

Description of the issue:

The ECS docs say

When only a single certificate is logged in an event, it should be nested under file.

This could be interpreted to apply when dealing with a TLS connection where only the server presents a certificate. The text here could be reworked to clarify when to use file vs tls.server/client.

@andrewkroh andrewkroh added the bug Something isn't working label Oct 22, 2020
@webmat
Copy link
Contributor

webmat commented Oct 22, 2020

Yes, that comment was for other kinds of events, like file events that also refer to a cert, like code signatures.

If it's a TLS, it should indeed be either tls.server or .client.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1.7.0 1.8.0 bug Something isn't working ready Issues we'd like to address in the future.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants