
Dell Trusted Device Installation and Administrator Guide v5.5

Configure the appsettings.json file

The appsettings.json file requires modification for the Event Repository to properly communicate with the Docker Instance. Use the appsettings.json generator in the Event Repository container or modify the file manually with a text editor. The following table details the top-level elements of the appsettings.json file:

Table 1. Top-level elements
| Name | Required | Description |
| --- | --- | --- |
| Logging | No | Enables administrators to configure the methods with which the Event Repository generates logs. |
| Tenant | Yes | Configuration of tenant information for this instance of the Event Repository. |
| Upload | Yes | Configuration of the SIEM upload method. |

Tenant

The Tenant element configures the Event Repository with tenant information. Tenant information details the configuration necessary to control which computers can register with this Event Repository instance. Optionally, you can configure the appsettings generator to create a PbkdfTenantApiKey for PBKDF2 password storage. The following table details the elements of the Tenant object:

Table 2. Tenant elements
| Name | Required | Description |
| --- | --- | --- |
| TenantName | Yes | The name of the tenant. This name is typically based on the company name or division. The TenantName should be unique in an organization. |
| TenantApiKey | Yes | The TenantApiKey is a string that represents a password that a computer must provide during registration. |
| PbkdfTenantApiKey | No | PbkdfTenantApiKey enables PBKDF2 password storage. |
| TenantApiKeyHash | No | A hash value of the TenantApiKey. NOTE: The TenantApiKeyHash value must be a valid base64 string. If the appsettings generator does not detect the above expected values in use, the PbkdfTenantApiKey element is not created. |
| Salt | No | The salt value used to hash the TenantApiKey. NOTE: The salt value must be a valid base64 string generated using a 16 byte array at minimum. If the appsettings generator does not detect the above expected values in use, the PbkdfTenantApiKey element is not created. |
| RandomFunction | No | The function used to hash the TenantApiKey. NOTE: The RandomFunction must use HMACSHA256 or HMACSHA512. If the appsettings generator does not detect the above expected values in use, the PbkdfTenantApiKey element is not created. |
| Iterations | No | The number of iterations used to generate the TenantApiKey hash. NOTE: If the RandomFunction in use is HMACSHA256, the iteration count must be at least 310000. If the RandomFunction in use is HMACSHA512, the iteration count must be at least 120000. If the appsettings generator does not detect the above expected values in use, the PbkdfTenantApiKey element is not created. |
| TenantUUID | Yes | A string representing a GUID unique to this tenant. NOTE: To create a GUID in Windows PowerShell, use the New-Guid command. For more information, see this Microsoft article. |
| SigningCertificate | Yes | Also known as the Tenant Certificate. This certificate is used to sign the Identity Certificate generated during registration. NOTE: The SigningCertificate value must match the JwtCertificate value or be derived from it. |
| JwtCertificate | Yes | The entire certificate chain used to validate bearer tokens generated by the computers. |

SigningCertificate

The SigningCertificate element requires the following entries:

  • Signing certificate
  • Private key associated with the signing certificate

The following table details the members used to describe the certificate and private key:

Table 3. Certificate elements
| Name | Description |
| --- | --- |
| IssuerPublicCertsPem or IssuerPublicCertsFile | Provide one of the two choices. For IssuerPublicCertsPem, the string is the PEM encoded X509 certificate with newlines replaced by '\n' characters. For IssuerPublicCertsFile, the string is the path to the file containing the PEM encoded X509 certificate. |
| IssuerPrivateKeyPem or IssuerPrivateKeyFile | Provide one of the two choices. For IssuerPrivateKeyPem, the string is the PEM encoded private key that is associated with the IssuerPublicCert. For IssuerPrivateKeyFile, the string is the path to the file containing the PEM encoded private key. In both cases, the private key must not be password protected. |

Upload

The Upload element details the connection to the SIEM solution. The following table details the Upload components:

Table 4. Upload elements
| Name | Required | Description |
| --- | --- | --- |
| BaseFileName | Yes | A string containing a user-defined component of the filename used for log files. The name of the file is <date>-TenantName-BaseFileName.log. |
| OutputLocation | Yes | The path indicating the folder where the output log files are written. |
| MaxFileSizeMb | Yes | The maximum size to which a log file can grow. When a log file exceeds this amount, the file is closed and a new log file is created. |
| MaxActiveFileDays | Yes | The maximum amount of time, specified in days, for which a log file can be open. When the log file is open for longer than the time specified, it is closed, and a new log file is opened. |
| MaxFileAge | Yes | The time log files persist in the output folder. Files older than this time period, which is specified in days, are deleted. |

Kestrel

The Kestrel element details the TLS connection. The following table details the Kestrel components:

NOTE: Dell Technologies recommends using only TLS v1.2 or TLS v1.3 and newer.
Table 5. Kestrel elements
| Name | Required | Description |
| --- | --- | --- |
| Endpoints | Yes | Details for the container listening ports. |
| Http/Https | Yes | Protocol definitions for the docker listening ports. |
| PathBase | Yes | URI relative path with respect to the container (/devicesvr/api/v1). |
| Url | Yes | The container protocol and listening port (https://*:5001). |
| Certificate | Yes | Details of the certificate that is used for TLS connections to the container. |
| Path | Yes | The location of the PKCS12 certificate (/app/certs/test.pfx). |
| Password | Yes | Password to the PKCS12 certificate. |

To use the utility included with the Event Repository Docker image, see Use the Appsettings Generator. If your organization requires custom API notation, see Customize the API URIs. Use a text editor to configure the required elements. The following appsettings.json shows example values for the configurable elements:

{
    "https port": 443,
    "Logging": {
        "LogLevel": {
            "Default": "Information",
            "Microsoft": "Warning",
            "Microsoft.Hosting.Lifetime": "Information"
        }
    },
    "Tenant": {
        "TenantName": "ExampleTenant",
        "TenantApiKey": "ExampleTenantKey",
        "PbkdfTenantApiKey": {
            "TenantApiKeyHash": "ExampleTenantKeyHash",
            "Salt": "ExampleSaltValue",
            "RandomFunction": "ExampleFunctionValue",
            "Iterations": 120000
        },
        "TenantUUID": "5568165d-216a-4631-a115-80de74f294fd",
        "SigningCertificate": {
            "IssuerPublicCertsPem": "ExampleCertificate or the Docker container path to the public key certificate",
            "IssuerPrivateKeyPem": "ExampleCertificate or the Docker container path to the private key"
        },
        "JwtCertificate": {
            "TrustedRootsPem": "ExampleCertificate or the Docker container path to the trust chain of the signing certificate"
        }
    },
    "Upload": {
        "BaseFileName": "SIEM_Output",
        "OutputLocation": "/var/dataEventRepository",
        "MaxFileSizeMb": 15,
        "MaxActiveFileDays": 1,
        "MaxFileAge": 3
    },
    "Kestrel": {
        "Endpoints": {
            "Http": {
                "PathBase": "/devicesvc/api/v1",
                "Url": "http://*:5000"
            },
            "Https": {
                "PathBase": "/devicesvc/api/v1",
                "Url": "https://*:5001",
                "Certificate": {
                    "Path": "/app/certs/test.pfx",
                    "Password": "Password@123"
                }
            }
        }
    }
}


Move the appsettings.json file to the persistent directory after modifying the above values.
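
The PbkdfTenantApiKey constraints from the Tenant table (valid base64 hash and salt, a salt of at least 16 bytes, HMACSHA256 or HMACSHA512, the per-function iteration minimums) and the https Url of the Https endpoint can be checked before the file is moved. The following Python check is an added example, not part of Dell's guide or tooling; the function names and the SAMPLE input are constructed for illustration, and Iterations is assumed to be a JSON integer.

```python
import base64
import binascii
import json

# Minimum PBKDF2 iterations per RandomFunction, as stated in the Tenant table.
MIN_ITERATIONS = {"HMACSHA256": 310000, "HMACSHA512": 120000}
# Constructed sample: weak PbkdfTenantApiKey values and a plain-HTTP "Https" endpoint.
SAMPLE = json.dumps({
    "Tenant": {
        "TenantName": "ExampleTenant", "TenantApiKey": "ExampleTenantKey",
        "TenantUUID": "5568165d-216a-4631-a115-80de74f294fd",
        "PbkdfTenantApiKey": {"TenantApiKeyHash": "not base64!", "Salt": "c2hvcnQ=",
                              "RandomFunction": "HMACSHA256", "Iterations": 120000}},
    "Kestrel": {"Endpoints": {"Https": {"Url": "http://*:5001"}}}})


def b64_bytes(value):
    """Decode strict base64; return None when the value is not valid base64."""
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return None


def lint_appsettings(text):
    """Return findings for an appsettings.json string (empty list means clean)."""
    cfg, findings = json.loads(text), []
    pbkdf = cfg.get("Tenant", {}).get("PbkdfTenantApiKey")
    if pbkdf is not None:
        if b64_bytes(pbkdf.get("TenantApiKeyHash")) is None:
            findings.append("TenantApiKeyHash is not valid base64")
        # An undecodable salt counts as zero bytes and fails the length check.
        if len(b64_bytes(pbkdf.get("Salt")) or b"") < 16:
            findings.append("Salt must be base64 of at least 16 bytes")
        func = pbkdf.get("RandomFunction")
        if func not in MIN_ITERATIONS:
            findings.append("RandomFunction must be HMACSHA256 or HMACSHA512")
        elif pbkdf.get("Iterations", 0) < MIN_ITERATIONS[func]:
            findings.append(f"Iterations must be at least {MIN_ITERATIONS[func]} for {func}")
    https = cfg.get("Kestrel", {}).get("Endpoints", {}).get("Https", {})
    # A certificate configured on an http:// Url does not give a TLS listener.
    if not str(https.get("Url", "")).lower().startswith("https://"):
        findings.append("Https endpoint Url does not use the https scheme")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_appsettings(SAMPLE)))
```

The placeholder values in the example file above are flagged as well: "ExampleSaltValue" decodes to only 12 bytes and "ExampleFunctionValue" is not one of the two permitted functions.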
