deviceTRUST 23.1.410 for Windows and macOS, and 23.1.400 for Ubuntu and iOS are now available.
×
Search

ELK Stack Dashboards

deviceTRUST includes components for an ELK Stack to easily create a dashboard to monitor the contextual status of your remoting and DaaS environment.

The License Compliance Templates can be used with your ELK Stack to monitor or enforce Device-Based Licensing requirements for one or more applications:

The Device-Based Licensing dashboard
The Device-Based Licensing dashboard

The ELK Stack Status Report Template can be used to monitor the status of your remoting and DaaS environment:

The Status Report dashboard
The Status Report dashboard
  1. Step 1: Components
    1. Step 1.1: Components - GitHub
    2. Step 1.2: Components - Templates
  2. Step 2: The Device-Based Licensing Report
    1. Step 2.1: Add Index Template to ELK Stack
    2. Step 2.2: Import Saved Objects to ELK Stack
    3. Step 2.3: Configuring deviceTRUST
  3. Step 3: The Status Report
    1. Step 3.1: Add Index Template to ELK Stack
    2. Step 3.2: Import Saved Objects to ELK Stack
    3. Step 3.3: Configuring deviceTRUST
    4. Step 3.4: Edit index settings

Step 1: Components

The deviceTRUST dashboards for ELK Stack consist of several components. All elements that need to be imported on the ELK Stack side can be found on GitHub. The configuration for the deviceTRUST Agent is available as a template within the deviceTRUST Console.

Step 1.1: Components - GitHub

All required components for ELK Stack can be found on our GitHub repository.

Note:
  • Saved objects for ELK are not backward compatible. Please use only versions matching or older than your system.
  • Select the version number matching your ELK Stack system and download the files. You can of course also clone the whole repository if you like.
Downloading the ELK Stack components
Downloading the ELK Stack components

Every version folder contains folders for each use case. Each of these use case folders contains the relevant stored object and mapping files.

The use case folders within the versioned ELK Stack
The use case folders within the versioned ELK Stack

Each use case folder contains the following files:

  • elkstack-<use case>-mappings.txt contains data definitions for the data being sent to ELK Stack index mapping.
  • elkstack-<use case>-saved-objects.ndjson contains all objects that are required to store, search and visualize data, such as indexes, scripted fields, dashboards and searches.
The ELK Stack files to implement the use case
The ELK Stack files to implement the use case

Step 1.2: Components - Templates

deviceTRUST must be configured to send the required data for each use case. Templates for both use cases are included in the deviceTRUST Console.

The Status Report category of templates
The Status Report category of templates

Step 2: The Device-Based Licensing Report

This part of the guide relates to Device-Based Licensing. It lists all steps that are required to configure the ELK Stack, and also how to configure the deviceTRUST Agent.

Step 2.1: Add Index Template to ELK Stack

The first step is to create an Index Template. Index Templates describe the data that is being sent to an index. They make sure that every date is treated according to its type.

  • Within the ELK Stack management console, navigate to Menu\Stack Management\Index Management\Index Templates.
  • Click Create Template.
Creating an Index Template within your ELK Stack
Creating an Index Template within your ELK Stack
  • Set Name to dt_devicebasedlicensing.
  • Set Index Patterns to dt_devicebasedlicensing*.
Configuring the Index Template
Configuring the Index Template
  • Skip all options until Mappings.
  • Select Load Json to import the file elkstack-device-based-licensing-mappings.txt that was downloaded in Step 1.1.
Importing the mappings file
Importing the mappings file
  • Proceed with Load and overwrite.
Loading the mappings file
Loading the mappings file

The imported mappings are displayed. Please review them carefully.

  • SessionDate needs to be recognized as type Date for the report to function properly.
Reviewing the mappings
Reviewing the mappings
  • Skip all options until Review Template.
  • Generate the template with Create Template.
Creating the template
Creating the template

You’ll be given an overview of the created template. A blue marked M in the Content section indicates that mappings are available.

The created index template
The created index template

Step 2.2: Import Saved Objects to ELK Stack

All other parts of the report are to be imported as Saved Objects. The Saved Objects consist of Index Patterns with Scripted Fields, Visualizations and Dashboards.

  • Navigate to Menu\Stack Management\Saved Objects in your ELK Stack management console.
  • Click Import.
Importing the Saved Objects
Importing the Saved Objects
  • Select the file elkstack-device-based-licensing-saved-objects.ndjson.
  • Check Create new objects with random IDs to make sure no existing objects are altered.
Importing the Saved Objects
Importing the Saved Objects

After importing, an overview of the imported objects will be displayed.

Overview of the Saved Objects
Overview of the Saved Objects

Step 2.3: Configuring deviceTRUST

After the Index Mapping has been created and the Saved Objects are included, the ELK Stack is prepared for storing, sorting, and displaying your data.

The final step is to create the deviceTRUST configuration that will make sure all the required data is provided.

  • Open the deviceTRUST Console.
  • Click Sharing in the top right menu. You may need to click Show Advanced View if this button is not visible.
The Sharing button
The Sharing button
  • Select Import Template.
Importing the template
Importing the template
  • For Device-Based Licensing, the template category License Compliance is used.
The License Compliance template category
The License Compliance template category

This category contains templates for several software products. This example uses Acrobat DC, but can easily be customised for other applications.

The Acrobat DC template
The Acrobat DC template

Two contexts are included:

  • Adobe Acrobat DC Licensed Status to evaluate the device’s license status.
  • Adobe Acrobar DC User to define if the accessing user shall or shall not be using the software.
The contexts within the Acrobat DC template
The contexts within the Acrobat DC template

Three actions are included:

  • Adobe Acrobat DC Licensed Device - Conditional Application Access - FSLogix App Masking is used for controlling access to the software using FSLogix App Masking. This action can be ignored or removed for now.
  • Adobe Acrobat DC Licensed Device - Conditional Application Access - Microsoft AppLocker is used for controlling access to the software using Microsoft Applocker. This action can be ignored or removed for now.
  • Adobe Acrobat DC Licensed Device - Conditional Application Access - Reporting is the only action required for reporting.
The actions within the Acrobat DC template
The actions within the Acrobat DC template
  • The action contains multiple ways to store the data. Sending data to ELK Stack is configured by using a Web Request task. The Audit Event, Custom Process, as well as the Web Request Tasks for Splunk and Graylog can be deleted, as we are looking at ELK Stack here.
The actions within the Acrobat DC template
The actions within the Acrobat DC template
  • The Web Request task must be edited to suit your environment. If you use a basic setup without SSL or authorization, adding your server’s fqdn is the only required configuration change.
Customising the Web Request task
Customising the Web Request task

After the index template has been created, the saved objects are imported and the agent-side has been configured, the use case Device-Based Licensing has been implemented successfully.

deviceTRUST now sends status data about the application usage and the required hardware information to ELK Stack on every access to the remoting system. The data is presented in the created dashboards.

The completed Device-Based Licensing Dashboard
The completed Device-Based Licensing Dashboard

Step 3: The Status Report

This part of the guide relates to the Status Report. It lists all steps that are required to configure the use case on the agent-side, as well as on the ELK Stack side.

Step 3.1: Add Index Template to ELK Stack

The first step is to create an Index Template. Index Templates describe the data that is being sent to an index. They make sure, that every date is treated according to its type.

  • Within the ELK Stack management console, navigate to Menu\Stack Management\Index Management\Index Templates.
  • Click Create Template.
Creating an Index Template within your ELK Stack
Creating an Index Template within your ELK Stack
  • Set Name to dt_statusreport.
  • Set Index Patterns to dt_statusreport*.
Configuring the Index Template
Configuring the Index Template
  • Skip all options until Mappings.
  • Select Load Json to import the elkstack-status-report-mappings.txt that was downloaded in Step 1.1.
Importing the mappings file
Importing the mappings file
  • Proceed with Load and overwrite.
Loading the mappings file
Loading the mappings file
  • The imported mappings are displayed. Please review them carefully. Session Date, Anti-Virus Timestamp and Hardware BIOS Release Date need to be recognized as type Date for the report to function properly.
Reviewing the mappings
Reviewing the mappings
  • Skip all options until Review Template.
  • Generate the template with Create Template.
Creating the template
Creating the template
  • You’ll be given an overview of the created template. A blue marked M in the Content section indicates, that mappings are available.
The created index template
The created index template

Step 3.2: Import Saved Objects to ELK Stack

All other parts of the report are to be imported as Saved Objects. The Saved Objects consist of Index Patterns with Scripted Fields, Visualizations and Dashboards.

  • Navigate to Menu\Stack Management\Saved Objects in your ELK Stack management console.
  • Click Import.
Importing the Saved Objects
Importing the Saved Objects
  • Select the file elkstack-status-report-saved-objects.ndjson.
  • Check Create new objects with random IDs to make sure no existing objects are altered.
Importing the Saved Objects
Importing the Saved Objects

After importing, an overview of the imported objects will be displayed.

Overview of the Saved Objects
Overview of the Saved Objects

Step 3.3: Configuring deviceTRUST

After the Index Mapping has been created, the Saved Objects are included the index has been edited and the agent-side has been configured, the ELK Stack is prepared for storing, sorting, and displaying your data.

The last step is to create the deviceTRUST configuration, that will make sure all required data is provided.

  • Open the deviceTRUST Console.
  • Click Sharing in the top right menu. You may need to click Show Advanced View if this button is not visible.
The Sharing button
The Sharing button
  • Select Import Template.
Importing the template
Importing the template
  • For Status Report, the template category Status Report is used.
The Status Report template category
The Status Report template category
  • This category contains templates for several ways of storing data. Choose ELK Stack.
The ELK Stack for Remoting template
The ELK Stack for Remoting template
  • The imported template consists of 50 contexts and one action.
  • The Action Status Report – ELK Stack collects all relevant data and sends them over to the ELK Stack.
The Status Report - ELK Stack action
The Status Report - ELK Stack action
  • Sending data to ELK Stack is configured by using a Web Request task.
The Web Request task used to send data to the ELK Stack
The Web Request task used to send data to the ELK Stack
  • The Web Request task must be edited to suit your environment. If you use a basic setup without SSL or authorization, simply adding your server’s fqdn will do.
Customising the Web Request task
Customising the Web Request task

Step 3.4: Edit index settings

For the Status Report Dashboards to work properly, a configuration needs to be made at the index level: In a basic setting, ELK Stack allows to use 25 “calculated fields” per index. For the Status Report Dashboard, 48 calculated fields are used. Thus, the allowed number of calculated fields needs to be set to a higher value.

An error displayed when the allowed number of calculated fields is exceeded
An error displayed when the allowed number of calculated fields is exceeded

You need to send data to ELK Stack first. Sending data will create the index with basic settings. It can then be edited.

  • After sending your first data, you will find the index dt_statusreport has been created in the Index Management Menu.
The created dt_statusreport within the Index Management
The created dt_statusreport within the Index Management
  • Select the Index and chose Edit Settings. You’ll be presented a json configuration view.
Editing the index
Editing the index
  • Add "index.max_script_fields": "50" as a new line, making sure to keep the correct json formatting.
  • Save your changes.
The created dt_statusreport within the Index Management
The created dt_statusreport within the Index Management

Your Dashboard will now be displayed without errors.

After the index template has been created and the saved objects are imported, the use case Status Report has been implemented successfully. deviceTRUST now sends status data to ELK Stack on every access to the remoting system. The data is presented in the created dashboards.

The completed Status Report dashboard
The completed Status Report dashboard