All Apps and Add-ons

Can you help me translate/transcribe ssl_version values in Stream app SSLActivity source?

bryan_dady
Explorer

I can't find an affirmative document / release note, so if you know, please clarify when this ssl_version field was added to the Splunk Stream app.

I am trying to add the ssl_version field to a dashboard, But the values showing in this field do not match up to SSL/TLS versions I recognize.

We're running Splunk Stream 7.1.2 on Splunk Enterprise 6.6.7. I don't find any field reference in the current Stream App documentation, or in Stream Field Details.

The sample events I'm seeing are all showing a value of "3.3".

0 Karma
1 Solution

bryan_dady
Explorer

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")

View solution in original post

0 Karma

bryan_dady
Explorer

I think I got it - I hope this is helpful to others ...

| eval tls_version = case(ssl_version=="3.1", "1.0", ssl_version=="3.2", "1.1", ssl_version=="3.3", "1.2", ssl_version=="undefined", "n/a", true(), "other")
0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...