White Papers

NOTE: The server example.server.com must be trusted. The hostname must match, the Trust Chain must be trusted,
and the date must be valid.
"RootCertificate"="ExampleCertificate"
Configure to forward data to a SIEM solution
SIEM solutions often require a utility to consume data sources. The Splunk universal forwarder is a lightweight forwarding
solution that can be configured for use with the Event Repository during or after installation. The following example provides
an installation and configuration reference for the Splunk universal forwarder to push data from the Event Repository to a Splunk
SIEM instance.
Use one of the following articles to install a universal forwarder based on the environment in which your Event Repository is
installed:
To install a universal forwarder on Windows, see this Splunk article.
To install a universal forwarder on Linux, Solaris, macOS, FreeBSD, or AIX, see this Splunk article.
After installation, see this Splunk article to configure the universal forwarder for use with the Event Repository.
After Docker is installed and prerequisites are configured, go to Run the Event Repository.
Download the Event Repository image
Use the following workflow to download the Event Repository image:
1. Ensure that Docker is installed and running on the target computer.
2. Go to https://hub.docker.com/r/dellemc/dtd-event-repository and sign in with your Docker credentials.
3. Download the dtd-event-repository image.
4. Go to the dtd-event-repository image download location and open PowerShell or Terminal application.
5. Enter the following command to install the Event Repository:
docker pull dellemc/dtd-event-repository
Disconnected environments
If your SIEM solution is configured in Disconnected mode, see the following articles:
Go to this Docker article to see the steps for saving a Docker image for later use.
Go to this Docker article to see the steps for loading a previously saved Docker image.
Run the Event Repository
After downloading the Docker image, the Event Repository must be initialized to begin collating data from the agents. See this
Docker article for more information on Docker run commands. The following table details the Docker-based variables needed to
configure the Event Repository container:
Variable                        Meaning
-d                              Runs the Docker container in detached mode.
dellemc/dtd-event-repository    Defines the container image to use for this container.
                                NOTE: If a specific version of the Event Repository image is required,
                                append this command with :<version number>. For example:
                                dellemc/dtd-event-repository:1.0.2.0
-it                             Starts an interactive command-line session connected to the Docker container.
-p                              Specifies the ports used for the container.
--rm                            Automatically removes the container when it exits.
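The following script is an added example, not part of the Dell documentation: it composes the pull, save/load (disconnected environment) and run commands described above, pinning the image to an explicit version tag. The port numbers and the archive file name are assumptions, since the page does not state which ports the Event Repository uses.

```shell
#!/bin/sh
# Added example: compose the docker commands from this section as a dry run.
# IMAGE comes from the page; the ports (9200) and archive name are placeholders.
IMAGE="dellemc/dtd-event-repository"

# image_ref VERSION -> image reference; an empty VERSION means the default tag
image_ref() {
  if [ -z "$1" ]; then
    printf '%s\n' "$IMAGE"
  else
    printf '%s:%s\n' "$IMAGE" "$1"
  fi
}

# valid_version VERSION -> succeeds only for the four-part form shown (e.g. 1.0.2.0),
# so a typo does not silently fall back to an unpinned image
valid_version() {
  printf '%s' "$1" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'
}

# run_cmd VERSION HOST_PORT CONTAINER_PORT -> docker run line using the table's flags
run_cmd() {
  printf 'docker run -d -it --rm -p %s:%s %s\n' "$2" "$3" "$(image_ref "$1")"
}

# Disconnected environments: save the pulled image to an archive on a connected
# host, then load that archive on the isolated host
save_cmd() { printf 'docker save -o %s %s\n' "$2" "$(image_ref "$1")"; }
load_cmd() { printf 'docker load -i %s\n' "$1"; }

# Print the full sequence instead of executing it (dry run)
main() {
  ver="${1:-1.0.2.0}"
  valid_version "$ver" || { echo "bad version tag: $ver" >&2; return 1; }
  echo "docker pull $(image_ref "$ver")"
  save_cmd "$ver" dtd-event-repository.tar
  load_cmd dtd-event-repository.tar
  run_cmd "$ver" 9200 9200
}
```

Note that `-p HOST:CONTAINER` publishes the port on every host interface by default; when only a local forwarder needs to reach it, prefix the host side with an address, for example `-p 127.0.0.1:9200:9200`.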
30 Integration