RSA Archer® Suite enables you to build an effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management and Regulatory and Corporate Compliance.
This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.
Connector Version: 1.0.1
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with RSA Archer Versions: 6.2.0.1 and later
Following enhancements have been made to the RSA Archer
Connector in version 1.0.1:
Get Record by RecordID
connector function and playbook to Get Record
.False
.For the procedure to install a connector, click here.
This section is optional and only required if you are going to perform the Create Record
and Update Record
operations. The Create Record
and Update Record
operations has the Field Value
as an input parameter. The Field Value
parameter requires to be in the dictionary (dict
) format. Following is the explanation of how the Field Value
parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value
parameter contains a Key-Value pair.
Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module
operation to get the Field Name or Field Type values.
Value: You can get the value of the Field Type from the Get Fields Details of Module
operation and based on the Field Value Type retrieved following will be the value formats:
null
value to a Date field, enter a value of "0". For example: {“date” : "0"}Get Values List Item
function. Value should be Value Id, Name, Description, NumericValue or an Alias.Get All User Details
operation to see the usernames or user ids. If you want to add more than one user, you must provide usernames or userids that are comma-separated. For example, "users": "201, 202"
.Get All Group Details
operation to see the group name or group ids. If you want to add more than one group, you must provide group names or group ids that are comma-separated. For example, "groups": "12100, 12101"
.contentId
of the related record."IP Address" = "192.168.0.13"
."IP Address" = “0045:0320:0511:0513:0777:0065:0043:0032”
or the IP address in the short form: "IP Address"= "46:0:495:0:776:64::"
Example of what you can enter Field Value parameter in the Create Record
and Update Record
operations as an input:
{ "Type_of_Monitoring" : "Trend_Alignment", "Metric Name" : "tes-matrix-1293", "Description" : "update-testing--ahsdbgfqhy487435kb", "Measurement Frequency" : "Daily", "Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>", "Metric_Type" : "Key_Risk_Indicator_KRI", "8014" : {"users" :"202", "groups" : "121231233"}, "Date" : "12/31/2099 11:59AM", "IP Address" : "192.168.0.13" }
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the RSA Archer connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Hostname | IP address or Hostname of the RSA Archer server. |
Port | Port number used for connecting to the RSA Archer server. |
Instance Name | Instance name of the RSA Archer server to which you will connect and perform the automated operations. |
Username | Username to access the RSA Archer server. |
Password | Password to access the RSA Archer server. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as False . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Record | Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. | search_record Investigation |
Get Details For All Reports | Retrieve all the details of all the reports from the RSA Archer server. | get_reports Investigation |
Get Records by Report | Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. | search_records Investigation |
Create Record | Creates a record in the RSA Archer module, you have specified. | create_record Investigation |
Update Record | Updates a record in the RSA Archer server, based on the record ID you have specified. | update_record Investigation |
Get Details For All Modules | Retrieves all the details of all the modules (applications) from the RSA Archer server. | get_app_details Investigation |
Get All Users Details | Retrieves all the details of all the users from the RSA Archer server. | get_users Investigation |
Get All Groups Details | Retrieves all the details of all the groups from the RSA Archer server. | get_groups Investigation |
Get Reports Details of Module | Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. | get_reports Investigation |
Get Fields Details of Module | Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. | get_fields_detail Investigation |
Get Values List Item | Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. | get_fields_detail Investigation |
Parameter | Description |
---|---|
Record ID | ID of the RSA Archer record whose details you want to retrieve. For example, Record ID: 189 . |
The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the reports from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Record ReportGUID/ReportName/ReportDescription | ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve. |
Page Number | Page number from which you want to retrieve records. |
The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record. The input value of this field must be in the string format.For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
Field Values | This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section. |
The JSON output contains the IDs of the record you have created on the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record. The input value of this field must be in the string format.For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
Record Content ID | ID of the record that you want to update. For example, Record Content ID: 189 . |
Field Values | This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section. |
The JSON output contains the details of the record you have updated on the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the modules (applications) from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the users from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the groups from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record. The input value of this field must be in the string format.For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record. The input value of this field must be in the string format.For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Value List Id | ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as name of the value, ID of the value, and alias of the value. For example, Value List ID: 12 . |
The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.
Following image displays a sample output:
The Sample-RSA Archer-1.0.1
playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
RSA Archer® Suite enables you to build an effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management and Regulatory and Corporate Compliance.
This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.
Connector Version: 1.0.1
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with RSA Archer Versions: 6.2.0.1 and later
Following enhancements have been made to the RSA Archer
Connector in version 1.0.1:
Get Record by RecordID
connector function and playbook to Get Record
.False
.For the procedure to install a connector, click here.
This section is optional and only required if you are going to perform the Create Record
and Update Record
operations. The Create Record
and Update Record
operations has the Field Value
as an input parameter. The Field Value
parameter requires to be in the dictionary (dict
) format. Following is the explanation of how the Field Value
parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value
parameter contains a Key-Value pair.
Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module
operation to get the Field Name or Field Type values.
Value: You can get the value of the Field Type from the Get Fields Details of Module
operation and based on the Field Value Type retrieved following will be the value formats:
null
value to a Date field, enter a value of "0". For example: {“date” : "0"}Get Values List Item
function. Value should be Value Id, Name, Description, NumericValue or an Alias.Get All User Details
operation to see the usernames or user ids. If you want to add more than one user, you must provide usernames or userids that are comma-separated. For example, "users": "201, 202"
.Get All Group Details
operation to see the group name or group ids. If you want to add more than one group, you must provide group names or group ids that are comma-separated. For example, "groups": "12100, 12101"
.contentId
of the related record."IP Address" = "192.168.0.13"
."IP Address" = “0045:0320:0511:0513:0777:0065:0043:0032”
or the IP address in the short form: "IP Address"= "46:0:495:0:776:64::"
Example of what you can enter Field Value parameter in the Create Record
and Update Record
operations as an input:
{ "Type_of_Monitoring" : "Trend_Alignment", "Metric Name" : "tes-matrix-1293", "Description" : "update-testing--ahsdbgfqhy487435kb", "Measurement Frequency" : "Daily", "Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>", "Metric_Type" : "Key_Risk_Indicator_KRI", "8014" : {"users" :"202", "groups" : "121231233"}, "Date" : "12/31/2099 11:59AM", "IP Address" : "192.168.0.13" }
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the RSA Archer connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Hostname | IP address or Hostname of the RSA Archer server. |
Port | Port number used for connecting to the RSA Archer server. |
Instance Name | Instance name of the RSA Archer server to which you will connect and perform the automated operations. |
Username | Username to access the RSA Archer server. |
Password | Password to access the RSA Archer server. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as False . |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Record | Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. | search_record Investigation |
Get Details For All Reports | Retrieve all the details of all the reports from the RSA Archer server. | get_reports Investigation |
Get Records by Report | Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. | search_records Investigation |
Create Record | Creates a record in the RSA Archer module, you have specified. | create_record Investigation |
Update Record | Updates a record in the RSA Archer server, based on the record ID you have specified. | update_record Investigation |
Get Details For All Modules | Retrieves all the details of all the modules (applications) from the RSA Archer server. | get_app_details Investigation |
Get All Users Details | Retrieves all the details of all the users from the RSA Archer server. | get_users Investigation |
Get All Groups Details | Retrieves all the details of all the groups from the RSA Archer server. | get_groups Investigation |
Get Reports Details of Module | Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. | get_reports Investigation |
Get Fields Details of Module | Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. | get_fields_detail Investigation |
Get Values List Item | Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. | get_fields_detail Investigation |
Parameter | Description |
---|---|
Record ID | ID of the RSA Archer record whose details you want to retrieve. For example, Record ID: 189 . |
The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the reports from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Record ReportGUID/ReportName/ReportDescription | ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve. |
Page Number | Page number from which you want to retrieve records. |
The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record. The input value of this field must be in the string format.For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
Field Values | This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section. |
The JSON output contains the IDs of the record you have created on the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record. The input value of this field must be in the string format.For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
Record Content ID | ID of the record that you want to update. For example, Record Content ID: 189 . |
Field Values | This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section. |
The JSON output contains the details of the record you have updated on the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the modules (applications) from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the users from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of all the groups from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record. The input value of this field must be in the string format.For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Module ID/Name/Alias | ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record. The input value of this field must be in the string format.For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189' . |
Save Output as HTML Attachment | (Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.
Following image displays a sample output:
Parameter | Description |
---|---|
Value List Id | ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as name of the value, ID of the value, and alias of the value. For example, Value List ID: 12 . |
The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.
Following image displays a sample output:
The Sample-RSA Archer-1.0.1
playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.