REL-1212267 EW Documents - Custom JSON Related Configurations #45
+683
−0
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| ## Alert Notification Handlers [Early Access] | ||
|
|
||
| The `alertNotificationHandlers` section configures integrations for sending alerts when monitored resources meet specified conditions. This enables automated notifications to external platforms such as Slack. | ||
|
|
||
| ### Slack Handler | ||
|
|
||
| The Slack handler allows alerts to be sent to a designated Slack channel. Configuration options include: | ||
|
|
||
| | Property | Description | | ||
| |----------------------------|-----------------------------------------------------------------------------| | ||
| | `accessToken` | The Slack API token used for authentication. | | ||
| | `acknowledgeAlertEnabled` | Boolean flag to enable/disable alert acknowledgment in Slack. This is by dafault false since implementation is not done. | | ||
| | `channel` | The Slack channel ID where alerts will be posted. | | ||
| | `enabled` | Boolean flag to enable/disable Slack notifications. | | ||
| | `messageIntervalSeconds` | Interval (in seconds) between alert messages sent to Slack. It should be more than or equal to min slack interval in seconds i.e. 180 | | ||
|
|
||
| --- | ||
|
|
||
| ### Configure Slack in Custom JSON | ||
|
|
||
| #### Prerequisites | ||
|
|
||
| Before configuring Slack notifications: | ||
|
|
||
| - Create a Slack App in your Slack workspace. | ||
| - Generate an OAuth token with the required permissions to post messages to channels. | ||
|
|
||
| #### Configuration | ||
|
|
||
| To configure Slack notification in the custom JSON file, locate the `alertNotificationHandlers` section and update the configuration as below. | ||
|
|
||
| - Provide OAuth Token in `accessToken`. | ||
| - Set `channel` to the Slack channel ID where alerts will be sent. | ||
| - Set `enabled` to `true` to enable Slack notifications. | ||
| - Set `messageIntervalSeconds` to define the interval at which messages are sent to Slack. By default, it is set to 180 seconds from the code base. If, we set it to less than 180 seconds, it will be overridden to 180 seconds. | ||
|
|
||
| ```json | ||
| "alertNotificationHandlers": { | ||
| "slack": { | ||
| "accessToken": "slack-access-token", | ||
| "acknowledgeAlertEnabled": false, | ||
| "channel": "slack-channel-id", | ||
| "enabled": true, | ||
| "messageIntervalSeconds": 60 | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Verification in Kibana | ||
|
|
||
| - Navigate to Kibana Discover. | ||
| - Select `logs-*` Data View. | ||
| - Search for "The Environment Watch shared configuration object is not empty" which indicates that the EW Windows Service fetching values from the custom JSON configuration successfully. | ||
|
|
||
|  | ||
|
|
||
| ### Slack Notification Example | ||
|
|
||
|  | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,106 @@ | ||
| # Certificates Configuration | ||
|
|
||
| This section describes how to configure certificate monitoring using the `environmentWatchConfiguration` JSON object. | ||
|
Contributor
There was a problem hiding this comment. JSON object is correct, but can we update to JSON configuration file? |
||
|
|
||
| --- | ||
|
|
||
| ## Overview | ||
|
|
||
| Monitors the presence and validity of specified certificates in Windows certificate stores. By default, the Relativity Secret Store certificate is monitored without requiring additional configuration. Other certificates can be added based on the installed product or specific requirements. | ||
|
|
||
| **Default Certificates** | ||
| | Certificate Name | Description | | ||
| |-----------------------------------|--------------------------------------------------| | ||
| | Relativity Secret Store | Certificate for Relativity Secret Store. | | ||
|
|
||
| **Properties In Custom JSON Related to Certificates** | ||
|
|
||
| | Property | Type | Description | | ||
| |----------------|----------|------------------------------------------------------------------| | ||
| | `enabled` | boolean | Enables or disables monitoring for certificates. | | ||
| | `include` | array | List of certificate objects to monitor. | | ||
| | `storeName` | string | Name of the certificate store (e.g., `"My"`). | | ||
| | `storeLocation`| string | Location of the store (e.g., `"LocalMachine"`). | | ||
| | `thumbprint` | string | Certificate thumbprint to identify the certificate. | | ||
|
|
||
| #### StoreLocation Enum Values | ||
|
|
||
| The `storeLocation` field specifies the location of the X.509 certificate store to use. | ||
|
|
||
| **Possible Values** | ||
|
|
||
| | Value | Description | | ||
| |---------------|----------------------------------------------------------------| | ||
| | CurrentUser | The X.509 certificate store is located in the current user's profile. | | ||
| | LocalMachine | The X.509 certificate store is located in the local computer's profile. | | ||
|
|
||
| #### StoreName Enum Values | ||
|
|
||
| The `storeName` field specifies the name of the Windows certificate store where the X.509 certificate is located. | ||
|
|
||
| **Possible Values** | ||
|
|
||
| | Value | Description | | ||
| |----------------------|-----------------------------------------------| | ||
| | AddressBook | Other people | | ||
| | AuthRoot | Third party trusted roots | | ||
| | CertificateAuthority | Intermediate CAs | | ||
| | Disallowed | Revoked certificates | | ||
| | My | Personal certificates | | ||
| | Root | Trusted root CAs | | ||
| | TrustedPeople | Trusted people (used in EFS) | | ||
| | TrustedPublisher | Trusted publishers (used in Authenticode) | | ||
|
|
||
| **Get Certificate Thumbprint** | ||
|
|
||
| Depending on the Store Location and Store Name, run the following command on the host. For `LocalMachine` and `My`, use: | ||
|
|
||
| ```powershell | ||
| Get-ChildItem Cert:\LocalMachine\My | ||
| ``` | ||
|
|
||
| The command returns a list of certificates including their `thumbprint` and `subject`. Copy the `thumbprint` value for the certificate you want to monitor and use it in the custom JSON configuration. Adjust the command as needed based on the selected `storeName` and `storeLocation`. | ||
|
|
||
| ## Configure Certificates | ||
|
|
||
| Certificates can be monitored at the "**hosts**", "**instance**", or "**installedProducts**" level. | ||
| For certificates to monitor, locate "**certificates**" under the desired section and update the configuration as below. | ||
|
|
||
| - `enabled` : Set to `true` to enable certificate monitoring. | ||
| - When configuring the `include` section, specify the `storeName`, `storeLocation`, and `thumbprint` for each certificate to be monitored. | ||
|
|
||
| **Example 1**: Monitoring two certificates from the LocalMachine\My store. The certificate is identified by its Thumbprint, which you can retrieve using the following PowerShell command:`Get-ChildItem Cert:\LocalMachine\My` | ||
|
|
||
| ```json | ||
| { | ||
| "certificates": { | ||
| "enabled": true, | ||
| "include": [ | ||
| { | ||
| "storeName": "My", | ||
| "storeLocation": "LocalMachine", | ||
| "thumbprint": "005501F9BA68A2ED7D9BD515B256F6298AEF7E5A" | ||
| }, | ||
| { | ||
| "storeName": "My", | ||
| "storeLocation": "LocalMachine", | ||
| "thumbprint": "E62D7D4DD8D054072A7A58A577D500753A586C75" | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Verification in Kibana | ||
|
|
||
| - Navigate to Kibana Discover. | ||
| - Select `logs-*` Data View. | ||
| - Search for "The Environment Watch shared configuration object is not empty" which indicates that the EW Windows Service fetching values from the Custom JSON configuration successfully. | ||
|
|
||
|  | ||
| - Navigate to the Kibana certificates dashboard. | ||
| - Ensure that the certificates defined in the custom JSON configuration appear on the Kibana certificates dashboard. The example below demonstrates how a certificate specified in the custom JSON is successfully monitored and displayed on the certificates dashboard. | ||
|
|
||
|  | ||
|
|
||
|  | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Environment Watch automatically reads this file and applies the defined monitoring rules to the relevant instances, products, and hosts. - is there any time wait before it picks up the new configured file?
if yes, we should call that out before verifying in Kibana. if not, no change is required.