SSL inspection events

The table below lists the keys and values in a message with the SSL Inspection event type.

Information about an event with the SSL Inspection event type

Key

Value

cs4

cs4Label

Event priority.

Always Medium.

This value is displayed by default.

devicePayloadId

Session ID.

deviceDirection

Connection direction from the raw event. Possible values:

  • 0 – request
  • 1 – response

cs1

cs1Label

Name of the web category of the visited domain.

If there are multiple such web categories, any value from the list is recorded.

If no category was determined, the value is Uncategorized.

This value is displayed by default.

cs3

cs3Label

Sources of the detection.

If the detection object is absent from the local databases (if the domain is not found), it belongs to the Uncategorized group and the field is left empty.

Possible values:

  • Local
  • Empty field

rt

Date and time when the event was generated on the Kaspersky NGFW device (the session was removed and ended up in the Kaspersky NGFW Session manager).

Format: 2023-12-26T12:31:54Z.

dtz

Time zone on the device.

dvchost

Host name of the Kaspersky NGFW device.

This value is displayed by default.

src

Source IP address.

This value is displayed by default.

dst

Destination IP address.

This value is displayed by default.

proto

L3–L4 protocol.

Always TCP.

This value is displayed by default.

spt

Source port.

dpt

Destination port.

app

L7 protocol from the Application Control detection.

cat

List of all categories that the visited domain matched.

If no category was determined, the value is Uncategorized.

This value is displayed by default.

msg

Body of the message.

Format: <Error text>. <Clarifying reason (optional)>.

Event variants:

  • Decryption error. The SSL version being used is earlier than specified in the settings.
  • Decryption error. Other error.

    For details, see the system event logs.

  • ClientCertificateRequest – Decryption error. The server has requested a client certificate, but the certificate is missing.
  • CipherReduction – Decryption error. The client is using unsupported ciphers.
  • ServerCertificateSigAlgorithm – Decryption error. Unsupported server certificate signature algorithm.
  • FailedChannelBindingAuthorization – Decryption error. The server requires SSL integrity verification.
  • ClientCertificateAlert – Decryption error. The client rejected the generated certificate.
  • Server certificate validation failed. <Text of the reason for the server certificate validation error>.
  • SSL exception by domain name.
  • SSL exception by web category.

This value is displayed by default.

reason

Reason for the error when validating the certificate.

This field is filled only for the Server certificate validation error message.

DestinationDnsDomain

Domain name (one per session).

This value is displayed by default.

externalId

Session ID.
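The following added example (not Kaspersky code) shows how a log consumer might parse these keys and sort the msg variants into decryption errors, certificate validation failures and SSL exceptions. It assumes the fields arrive as space-separated key=value pairs; the function names and the sample event are constructed for illustration.

```python
import re
from datetime import datetime

# Assumption: fields arrive as space-separated key=value pairs (CEF-extension style).
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)
DIRECTION = {"0": "request", "1": "response"}  # deviceDirection values from the table

def parse_fields(ext):
    """Split key=value pairs into a dict; values may contain spaces and \\= escapes."""
    return {k: re.sub(r"\\([=\\])", r"\1", v) for k, v in PAIR.findall(ext)}

def classify_msg(msg):
    """Map msg onto the three families of event variants listed for the msg key."""
    if "Decryption error" in msg:
        return "decryption_error"
    if msg.startswith("Server certificate validation failed"):
        return "certificate_validation_failed"
    if msg.startswith("SSL exception by"):
        return "ssl_exception"
    return "unknown"

def normalize(ext):
    """Turn one event's key=value text into a record a SIEM rule can filter on."""
    f = parse_fields(ext)
    return {
        # rt uses the documented 2023-12-26T12:31:54Z layout; dtz carries the device zone.
        "time": datetime.strptime(f["rt"], "%Y-%m-%dT%H:%M:%SZ"),
        "direction": DIRECTION.get(f.get("deviceDirection"), "unknown"),
        "variant": classify_msg(f.get("msg", "")),
        "domain": f.get("DestinationDnsDomain"),
        "categories": f.get("cat", "Uncategorized"),
        # cs3 is left empty when the domain is not found in the local databases.
        "detection_source": f.get("cs3") or None,
        # reason is filled only for certificate validation events.
        "reason": f.get("reason"),
    }

# Constructed sample event: host name, addresses, domain and reason text are invented.
SAMPLE = (
    "rt=2023-12-26T12:31:54Z dvchost=ngfw-01 src=10.0.0.5 spt=51544 "
    "dst=203.0.113.10 dpt=443 proto=TCP deviceDirection=0 cs4=Medium "
    "cs1=Uncategorized cs3= cat=Uncategorized "
    "msg=Server certificate validation failed. Certificate has expired. "
    "reason=Certificate has expired DestinationDnsDomain=expired.example externalId=42"
)

if __name__ == "__main__":
    for key, value in normalize(SAMPLE).items():
        print(f"{key}: {value}")
```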
