What does zERT discovery manage and collect?

To understand zERT discovery processing and the information that zERT collects and records, you must first distinguish between application connections and security sessions:

  • An application connection is a TCP connection or Enterprise Extender (EE) connection (over UDP) over which two application programs communicate with each other.
  • A security session is an instance of a secure path between two endpoints as defined by a cryptographic security protocol. Examples are TLS/SSL sessions, SSH sessions, and IPSec tunnels (as they apply to a given application connection).

Note: An application connection may have zero or more security sessions at any given time. Since "no protection" is a valid cryptographic protection state, zERT even reports on connections that do not have any recognized cryptographic protection. Likewise, a connection may be simultaneously protected by multiple security sessions, such as a TLS session and an IPSec tunnel. zERT collects and reports information for all of these scenarios.