The appsettings.json file requires modification for the Event Repository to properly communicate with the Docker Instance. Use the appsettings.json generator in the Event Repository container or modify the file manually with a text editor. The following table details the top-level elements of the appsettings.json file:
Name | Required | Description |
---|---|---|
Logging | No | Enables administrators to configure the methods with which the Event Repository generates logs. |
Tenant | Yes | Configuration of tenant information for this instance of the Event Repository. |
Upload | Yes | Configuration of the SIEM upload method. |
Tenant
The Tenant element configures the Event Repository with tenant information. Tenant information details the configuration necessary to control which computers can register with this Event Repository instance. The following table details the elements of the Tenant object:
Optionally, you can configure the appsettings generator to create a PbkdfTenantApiKey for PBKDF2 password storage.
Name | Required | Description |
---|---|---|
TenantName | Yes | The name of the tenant. This name is typically based on the company name or division. The TenantName should be unique in an organization. |
TenantApiKey | Yes | The TenantApiKey is a string that represents a password that a computer must provide during registration. |
PbkdfTenantApiKey | No | PbkdfTenantApiKey enables PBKDF2 password storage. |
TenantApiKeyHash | No | A hash value of the TenantApiKey. |
Salt | No | The salt value used to hash the TenantApiKey. |
RandomFunction | No | The function used to hash the TenantApiKey. |
Iterations | No | The number of iterations used to generate the TenantApiKey hash. |
TenantUUID | Yes | A string representing a GUID unique to this tenant. NOTE: To create a GUID in Windows PowerShell, use the new-guid command. For more information, see this Microsoft article. |
SigningCertificate | Yes | Also known as the Tenant Certificate. This certificate is used to sign the Identity Certificate generated during registration. NOTE: The SigningCertificate value must match the JwtCertificate value or be derived from it. |
JwtCertificate | Yes | The entire certificate chain used to validate bearer tokens generated by the computers. |
SigningCertificate
The SigningCertificate element requires the following entries, which describe the certificate and its private key:
Name | Description |
---|---|
IssuerPublicCertsPem and IssuerPublicCertsFile | Provide one of the two choices. For IssuerPublicCertsPem, the string is the PEM encoded X509 certificate with newlines that are replaced with '\n' characters. For IssuerPublicCertsFile, the string is the path to the file containing the PEM encoded X509 certificate. |
IssuerPrivateKeyPem and IssuerPrivateKeyFile | Provide one of the two choices. For IssuerPrivateKeyPem, the string is the PEM encoded private key that is associated with the IssuerPublicCerts certificate. For IssuerPrivateKeyFile, the string is the path to the file containing the PEM encoded private key. In both cases, the private key must not be password protected. |
Upload
The Upload element details the connection to the SIEM solution. The following table details the Upload components:
Name | Required | Description |
---|---|---|
BaseFileName | Yes | A string containing a user-defined component of the filename used for log files. The name of the file is <date>-TenantName-BaseFileName.log |
OutputLocation | Yes | The path indicating the folder where the output log files are written. |
MaxFileSizeMb | Yes | The maximum size to which a log file can grow. When a log file exceeds this amount, the file is closed and a new log file is created. |
MaxActiveFileDays | Yes | The maximum amount of time, which is specified in days, for which a log file can be open. When the log file is open for longer than the time specified, it is closed, and a new log file is opened. |
MaxFileAge | Yes | The time log files persist in the output folder. Files older than this time period, which is specified in days, are deleted. |
Kestrel
The Kestrel element details the TLS connection. The following table details the Kestrel components:
Name | Required | Description |
---|---|---|
Endpoints | Yes | Details for the container listening ports. |
Http/Https | Yes | Protocol definitions for the Docker listening ports. |
PathBase | Yes | URI relative path with respect to the container (/devicesvr/api/v1). |
Url | Yes | The container protocol and listening port (https://*:5001). |
Certificate | Yes | Details of the certificate that is used for TLS connections to the container. |
Path | Yes | The location of the PKCS12 certificate (/app/certs/test.pfx). |
Password | Yes | Password to the PKCS12 certificate. |
To use the utility included with the Event Repository Docker image, see Use the Appsettings Generator. If your organization requires custom API notation, see Customize the API URIs. Use a text editor to configure the required elements. The appsettings.json example below shows the configurable values:

```json
{
  "https_port": 443,
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "Tenant": {
    "TenantName": "ExampleTenant",
    "TenantApiKey": "ExampleTenantKey",
    "PbkdfTenantApiKey": {
      "TenantApiKeyHash": "ExampleTenantKeyHash",
      "Salt": "ExampleSaltValue",
      "RandomFunction": "ExampleFunctionValue",
      "Iterations": 120000
    },
    "TenantUUID": "5568165d-216a-4631-a115-80de74f294fd",
    "SigningCertificate": {
      "IssuerPublicCertsPem": "ExampleCertificate or the Docker container path to the public key certificate",
      "IssuerPrivateKeyPem": "ExampleCertificate or the Docker container path to the private key"
    },
    "JwtCertificate": {
      "TrustedRootsPem": "ExampleCertificate or the Docker container path to the trust chain of the signing certificate"
    }
  },
  "Upload": {
    "BaseFileName": "SIEM_Output",
    "OutputLocation": "/var/dataEventRepository",
    "MaxFileSizeMb": 15,
    "MaxActiveFileDays": 1,
    "MaxFileAge": 3
  },
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "PathBase": "/devicesvc/api/v1",
        "Url": "http://*:5000"
      },
      "Https": {
        "PathBase": "/devicesvc/api/v1",
        "Url": "https://*:5001",
        "Certificate": {
          "Path": "/app/certs/test.pfx",
          "Password": "Password@123"
        }
      }
    }
  }
}
```
Move the appsettings.json file to the persistent directory after modifying the above values.
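As an added example (not part of the Dell documentation or the Event Repository tooling), a small Python check that applies the rules from the tables above to a parsed appsettings.json: the required Tenant elements, exactly one of the Pem/File pair for each SigningCertificate entry, the PBKDF2 hash agreeing with TenantApiKey, and an https:// Url on the Https endpoint. The PBKDF2 scheme (PBKDF2-HMAC with a hashlib digest name in RandomFunction and a hex digest) and the sample config are assumptions constructed for this example; the page does not specify the hash encoding.

```python
import hashlib
import hmac

def pbkdf2_hash(api_key: str, salt: str, random_function: str, iterations: int) -> str:
    # Assumed scheme (not confirmed by the page): PBKDF2-HMAC over UTF-8 key/salt, hex digest.
    return hashlib.pbkdf2_hmac(random_function, api_key.encode(), salt.encode(), iterations).hex()

def check_appsettings(cfg: dict) -> list:
    """Return findings against the element tables above; an empty list means nothing was flagged."""
    findings = []
    tenant = cfg.get("Tenant", {})
    for key in ("TenantName", "TenantApiKey", "TenantUUID", "SigningCertificate", "JwtCertificate"):
        if key not in tenant:
            findings.append(f"Tenant.{key} is required")
    signing = tenant.get("SigningCertificate", {})
    for pem, path in (("IssuerPublicCertsPem", "IssuerPublicCertsFile"),
                      ("IssuerPrivateKeyPem", "IssuerPrivateKeyFile")):
        if (pem in signing) == (path in signing):  # exactly one of each pair must be present
            findings.append(f"SigningCertificate needs exactly one of {pem} / {path}")
    pbkdf = tenant.get("PbkdfTenantApiKey")
    if pbkdf:  # optional block: when present, the stored hash must match the plaintext key
        expected = pbkdf2_hash(tenant.get("TenantApiKey", ""), pbkdf["Salt"],
                               pbkdf["RandomFunction"], int(pbkdf["Iterations"]))
        if not hmac.compare_digest(expected.encode(), str(pbkdf.get("TenantApiKeyHash", "")).encode()):
            findings.append("PbkdfTenantApiKey.TenantApiKeyHash does not match TenantApiKey")
    https = cfg.get("Kestrel", {}).get("Endpoints", {}).get("Https", {})
    if https and not str(https.get("Url", "")).startswith("https://"):
        findings.append("Kestrel.Endpoints.Https.Url must use the https:// scheme")
    if https and not (https.get("Certificate", {}).get("Path") and https["Certificate"].get("Password")):
        findings.append("Kestrel.Endpoints.Https.Certificate needs Path and Password")
    return findings

def sample_config() -> dict:
    # Constructed sample in the layout of the page's example; the Https Url deliberately uses http://.
    salt, func, iters = "ExampleSaltValue", "sha256", 120000
    return {
        "Tenant": {"TenantName": "ExampleTenant", "TenantApiKey": "ExampleTenantKey",
                   "PbkdfTenantApiKey": {"TenantApiKeyHash": pbkdf2_hash("ExampleTenantKey", salt, func, iters),
                                         "Salt": salt, "RandomFunction": func, "Iterations": iters},
                   "TenantUUID": "5568165d-216a-4631-a115-80de74f294fd",
                   "SigningCertificate": {"IssuerPublicCertsFile": "/app/certs/tenant.pem",
                                          "IssuerPrivateKeyFile": "/app/certs/tenant.key"},
                   "JwtCertificate": {"TrustedRootsPem": "<trust chain PEM placeholder>"}},
        "Upload": {"BaseFileName": "SIEM_Output", "OutputLocation": "/var/dataEventRepository",
                   "MaxFileSizeMb": 15, "MaxActiveFileDays": 1, "MaxFileAge": 3},
        "Kestrel": {"Endpoints": {"Https": {"PathBase": "/devicesvc/api/v1", "Url": "http://*:5001",
                    "Certificate": {"Path": "/app/certs/test.pfx", "Password": "Password@123"}}}},
    }
```

Running `check_appsettings(sample_config())` flags only the http:// scheme on the Https endpoint; correcting the Url to https://*:5001 yields an empty list.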