REL-1212267 EW Documents - Custom JSON Related Configurations And Troubleshooting Guide

docs/custom-json-configuration/alert_notification_handlers_configuration.md

@@ -0,0 +1,63 @@
+## Alert Notification Handlers [Early Access]
+
+The `alertNotificationHandlers` section configures integrations for sending alerts when monitored resources meet specified conditions. This enables automated notifications to external platforms such as Slack.
+
+### Slack Handler
+
+The Slack handler allows alerts to be sent to a designated Slack channel. Configuration options include:
+
+| Property                   | Description                                                                 |
+|----------------------------|-----------------------------------------------------------------------------|
+| `accessToken`              | The Slack API token used for authentication.                                |
+| `acknowledgeAlertEnabled`  | Boolean flag to enable/disable alert acknowledgment in Slack. This is by dafault false since implementation is not done.               |
+| `channel`                  | The Slack channel ID where alerts will be posted.                         |
+| `enabled`                  | Boolean flag to enable/disable Slack notifications.                         |
+| `messageIntervalSeconds`   | Interval (in seconds) between alert messages sent to Slack. It should be more than or equal to  min slack interval in seconds i.e. 180               |
+
+---
+
+### Configure Slack in Custom JSON Configuration File
+
+#### Prerequisites
+
+Before configuring Slack notifications:
+
+- Create a Slack App in your Slack workspace.
+- Generate an OAuth token with the required permissions to post messages to channels.
+
+#### Configuration
+
+To configure Slack notification in the custom JSON configuration file, locate the `alertNotificationHandlers` section and update the configuration as below.
+
+- Provide OAuth Token in `accessToken`.
+- Set `channel` to the Slack channel ID where alerts will be sent.
+- Set `enabled` to `true` to enable Slack notifications.
+- Set `messageIntervalSeconds` to define the interval at which messages are sent to Slack. By default, it is set to 180 seconds from the code base. If, we set it to less than 180 seconds, it will be overridden to 180 seconds.
+
+```json
+"alertNotificationHandlers": {
+			"slack": {
+				"accessToken": "slack-access-token",
+				"acknowledgeAlertEnabled": false,
+				"channel": "slack-channel-id",
+				"enabled": true,
+				"messageIntervalSeconds": 60
+			}
+		}
+```
+
+### Verification in Kibana
+
+- Navigate to Kibana Discover.
+- Select `logs-*` Data View.
+- Search for "The Environment Watch shared configuration object is not empty" which indicates that the EW Windows Service fetching values from the custom JSON configuration file successfully.
+
+![](/resources/custom-json-images/environment-watch-shared-settings-not-empty-generic.png)
+
+### Slack Notification Example
+
+![Slack Example](../../resources/slackalerts-images/SlackNotification.png)
+
+## Troubleshooting
+Refer to the [Troubleshooting Guide](../troubleshooting/custom-json-troubleshooting.md) to resolve any custom JSON slack configuration issues.
+

docs/custom-json-configuration/certificates_configuration.md

@@ -0,0 +1,109 @@
+# Certificates Configuration
+
+This section describes how to configure certificate monitoring using the `environmentWatchConfiguration` JSON configuration file.
+
+---
+
+## Overview
+
+Monitors the presence and validity of specified certificates in Windows certificate stores. By default, the Relativity Secret Store certificate is monitored without requiring additional configuration. Other certificates can be added based on the installed product or specific requirements.
+
+**Default Certificates**
+| Certificate Name                  | Description                                      |
+|-----------------------------------|--------------------------------------------------|
+| Relativity Secret Store           | Certificate for Relativity Secret Store.         |
+
+**Properties In Custom JSON Configuration File Related to Certificates**
+
+| Property       | Type     | Description                                                      |
+|----------------|----------|------------------------------------------------------------------|
+| `enabled`      | boolean  | Enables or disables monitoring for certificates.                 |
+| `include`      | array    | List of certificate objects to monitor.                          |
+| `storeName`    | string   | Name of the certificate store (e.g., `"My"`).                    |
+| `storeLocation`| string   | Location of the store (e.g., `"LocalMachine"`).                  |
+| `thumbprint`   | string   | Certificate thumbprint to identify the certificate.              |
+
+#### StoreLocation Enum Values
+
+The `storeLocation` field specifies the location of the X.509 certificate store to use.
+
+**Possible Values**
+
+| Value         | Description                                                    |
+|---------------|----------------------------------------------------------------|
+| CurrentUser   | The X.509 certificate store is located in the current user's profile. |
+| LocalMachine  | The X.509 certificate store is located in the local computer's profile. |
+
+#### StoreName Enum Values
+
+The `storeName` field specifies the name of the Windows certificate store where the X.509 certificate is located.
+
+**Possible Values**
+
+| Value                | Description                                   |
+|----------------------|-----------------------------------------------|
+| AddressBook          | Other people                                  |
+| AuthRoot             | Third party trusted roots                     |
+| CertificateAuthority | Intermediate CAs                              |
+| Disallowed           | Revoked certificates                          |
+| My                   | Personal certificates                         |
+| Root                 | Trusted root CAs                              |
+| TrustedPeople        | Trusted people (used in EFS)                  |
+| TrustedPublisher     | Trusted publishers (used in Authenticode)     |
+
+**Get Certificate Thumbprint**
+
+Depending on the Store Location and Store Name, run the following command on the host. For `LocalMachine` and `My`, use:
+
+```powershell
+Get-ChildItem Cert:\LocalMachine\My
+```
+
+The command returns a list of certificates including their `thumbprint` and `subject`. Copy the `thumbprint` value for the certificate to be monitored and use it in the custom JSON configuration file. Adjust the command as needed based on the selected `storeName` and `storeLocation`.
+
+## Configure Certificates
+
+Certificates can be monitored at the "**hosts**", "**instance**", or "**installedProducts**" level.
+For certificates to monitor, locate "**certificates**" under the desired section and update the configuration as below.
+
+- `enabled` : Set to `true` to enable certificate monitoring.
+- When configuring the `include` section, specify the `storeName`, `storeLocation`, and `thumbprint` for each certificate to be monitored.
+
+**Example 1**: Monitoring two certificates from the LocalMachine\My store. The certificate is identified by its Thumbprint, which can be retrieved using the following PowerShell command: `Get-ChildItem Cert:\LocalMachine\My`
+
+```json
+{
+	"certificates": {
+		"enabled": true,
+		"include": [
+			{
+				"storeName": "My",
+				"storeLocation": "LocalMachine",
+				"thumbprint": "005501F9BA68A2ED7D9BD515B256F6298AEF7E5A"
+			},
+			{
+				"storeName": "My",
+				"storeLocation": "LocalMachine",
+				"thumbprint": "E62D7D4DD8D054072A7A58A577D500753A586C75"
+			}
+		]
+	}
+}
+```
+
+### Verification in Kibana
+
+- Navigate to Kibana Discover.
+- Select `logs-*` Data View.
+- Search for "The Environment Watch shared configuration object is not empty" which indicates that the EW Windows Service fetching values from the custom JSON configuration file successfully.
+
+![](/resources/custom-json-images/environment-watch-shared-settings-not-empty-generic.png)
+- Navigate to the Kibana certificates dashboard.
+- Ensure that the certificates defined in the custom JSON configuration file appear on the Kibana certificates dashboard. The example below demonstrates how a certificate specified in the custom JSON configuration file is successfully monitored and displayed on the certificates dashboard.
+
+![](/resources/custom-json-images/certificate-json-example.png)
+
+![](/resources/custom-json-images/certificate-dashboard-example.png)
+
+## Troubleshooting
+Refer to the [Troubleshooting Guide](../troubleshooting/custom-json-troubleshooting.md) to resolve any custom JSON certificate configuration issues.