About the connector
RSA Archer® Suite enables you to build an effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management and Regulatory and Corporate Compliance.
This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.
Version information
Connector Version: 1.0.1
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with RSA Archer Versions: 6.2.0.1 and later
Release Notes for version 1.0.1
Following enhancements have been made to the RSA Archer Connector in version 1.0.1:
- Renamed the connector from RSA Archer Secops to RSA Archer.
- Renamed the
Get Record by RecordID connector function and playbook to Get Record.
- Updated the configuration parameter Verify SSL to default to as
False.
- Renamed the Create Attachment input parameter to Save Output as HTML Attachment.
- Added a new playbook, named Create Security Incident.
Installing the connector
For the procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the URL of the RSA Archer server to which you will connect and perform the automated operations and credentials to access that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
- For the Create Record and Update Record operations to work, you must know the how to work with the Field Value parameter, which is explained in the Working with the Field Value parameter section.
Working with the Field Value parameter
This section is optional and only required if you are going to perform the Create Record and Update Record operations. The Create Record and Update Record operations has the Field Value as an input parameter. The Field Value parameter requires to be in the dictionary (dict) format. Following is the explanation of how the Field Value parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value parameter contains a Key-Value pair.
Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module operation to get the Field Name or Field Type values.
Value: You can get the value of the Field Type from the Get Fields Details of Module operation and based on the Field Value Type retrieved following will be the value formats:
- If Field Value Type is 3 then the value format should be "12/31/2099 11:59AM". If you had specified the field as DateOnly, and you did not specify the time, then the API defaults to 12:00 AM.
Note: To pass the null value to a Date field, enter a value of "0". For example: {“date” : "0"}
- If Field Value Type is 4 then to see the values of the list items within the drop-down menu, use the
Get Values List Item function. Value should be Value Id, Name, Description, NumericValue or an Alias.
- If Field Value Type is 8 then the field value contains a dict type. Dict can contain "users" or "groups".
users: Use the Get All User Details operation to see the usernames or user ids. If you want to add more than one user, you must provide usernames or userids that are comma-separated. For example, "users": "201, 202".
If you do not want to add any user leave "users" blank.
groups: Use the Get All Group Details operation to see the group name or group ids. If you want to add more than one group, you must provide group names or group ids that are comma-separated. For example, "groups": "12100, 12101".
If you do not want to add any group leave "groups" blank.
- If Field Value Type is 9 then the API populates the value attribute with the
contentId of the related record.
- If Field Value Type is 19 then you can express the IP address as the standard IPv4 address with four octets. For example:
"IP Address" = "192.168.0.13".
You can also express the IP address value as an IPv6 address in both full and short form. For example, the IP address full form: "IP Address" = “0045:0320:0511:0513:0777:0065:0043:0032” or the IP address in the short form: "IP Address"= "46:0:495:0:776:64::"
Example of what you can enter Field Value parameter in the Create Record and Update Record operations as an input:
{
"Type_of_Monitoring" : "Trend_Alignment",
"Metric Name" : "tes-matrix-1293",
"Description" : "update-testing--ahsdbgfqhy487435kb",
"Measurement Frequency" : "Daily",
"Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>",
"Metric_Type" : "Key_Risk_Indicator_KRI",
"8014" : {"users" :"202", "groups" : "121231233"},
"Date" : "12/31/2099 11:59AM",
"IP Address" : "192.168.0.13"
}
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the RSA Archer connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Hostname |
IP address or Hostname of the RSA Archer server. |
| Port |
Port number used for connecting to the RSA Archer server. |
| Instance Name |
Instance name of the RSA Archer server to which you will connect and perform the automated operations. |
| Username |
Username to access the RSA Archer server. |
| Password |
Password to access the RSA Archer server. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as False. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Get Record |
Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. |
search_record
Investigation |
| Get Details For All Reports |
Retrieve all the details of all the reports from the RSA Archer server. |
get_reports
Investigation |
| Get Records by Report |
Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. |
search_records
Investigation |
| Create Record |
Creates a record in the RSA Archer module, you have specified. |
create_record
Investigation |
| Update Record |
Updates a record in the RSA Archer server, based on the record ID you have specified. |
update_record
Investigation |
| Get Details For All Modules |
Retrieves all the details of all the modules (applications) from the RSA Archer server. |
get_app_details
Investigation |
| Get All Users Details |
Retrieves all the details of all the users from the RSA Archer server. |
get_users
Investigation |
| Get All Groups Details |
Retrieves all the details of all the groups from the RSA Archer server. |
get_groups
Investigation |
| Get Reports Details of Module |
Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. |
get_reports
Investigation |
| Get Fields Details of Module |
Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. |
get_fields_detail
Investigation |
| Get Values List Item |
Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. |
get_fields_detail
Investigation |
operation: Get Record
Input parameters
| Parameter |
Description |
| Record ID |
ID of the RSA Archer record whose details you want to retrieve.
For example, Record ID: 189. |
Output
The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.
Following image displays a sample output:
operation: Get Details For All Reports
Input parameters
| Parameter |
Description |
| Save Output as HTML Attachment |
(Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
Output
The JSON output contains all the details of all the reports from the RSA Archer server.
Following image displays a sample output:
operation: Get Records by Report
Input parameters
| Parameter |
Description |
| Record ReportGUID/ReportName/ReportDescription |
ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve. |
| Page Number |
Page number from which you want to retrieve records. |
Output
The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.
Following image displays a sample output:
operation: Create Record
Input parameters
| Parameter |
Description |
| Module ID/Name/Alias |
ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record.
The input value of this field must be in the string format.
For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'. |
| Field Values |
This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section. |
Output
The JSON output contains the IDs of the record you have created on the RSA Archer server.
Following image displays a sample output:
operation: Update Record
Input parameters
| Parameter |
Description |
| Module ID/Name/Alias |
ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'. |
| Record Content ID |
ID of the record that you want to update.
For example, Record Content ID: 189. |
| Field Values |
This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section. |
Output
The JSON output contains the details of the record you have updated on the RSA Archer server.
Following image displays a sample output:
operation: Get Details For All Modules
Input parameters
| Parameter |
Description |
| Save Output as HTML Attachment |
(Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
Output
The JSON output contains all the details of all the modules (applications) from the RSA Archer server.
Following image displays a sample output:
operation: Get All Users Details
Input parameters
| Parameter |
Description |
| Save Output as HTML Attachment |
(Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
Output
The JSON output contains all the details of all the users from the RSA Archer server.
Following image displays a sample output:
operation: Get All Groups Details
Input parameters
| Parameter |
Description |
| Save Output as HTML Attachment |
(Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
Output
The JSON output contains all the details of all the groups from the RSA Archer server.
Following image displays a sample output:
operation: Get Reports Details of Module
Input parameters
| Parameter |
Description |
| Module ID/Name/Alias |
ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'. |
Output
The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.
Following image displays a sample output:
operation: Get Fields Details of Module
Input parameters
| Parameter |
Description |
| Module ID/Name/Alias |
ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'. |
| Save Output as HTML Attachment |
(Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™. |
Output
The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.
Following image displays a sample output:
operation: Get Values List Item
Input parameters
| Parameter |
Description |
| Value List Id |
ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as name of the value, ID of the value, and alias of the value.
For example, Value List ID: 12. |
Output
The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.
Following image displays a sample output:
Included playbooks
The Sample-RSA Archer-1.0.1 playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.
- Create Record
- Create Record in Matrix
- Create Security Incident
- Get All Groups Details
- Get All Users Details
- Get Details For All Modules
- Get Details For All Reports
- Get Fields Details of Module
- Get Record
- Get Records by Report
- Get Reports Details of Module
- Get Values List Item
- Update Record
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
