Fortinet Document Library

Version:


Table of Contents

1.0.1
Copy Link

About the connector

RSA Archer® Suite enables you to build an effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management and Regulatory and Corporate Compliance.

This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.

 

Version information

Connector Version: 1.0.1

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with RSA Archer Versions: 6.2.0.1 and later

 

Release Notes for version 1.0.1

Following enhancements have been made to the RSA Archer Connector in version 1.0.1:

  • Renamed the connector from RSA Archer Secops to RSA Archer.
  • Renamed the Get Record by RecordID connector function and playbook to Get Record.
  • Updated the configuration parameter Verify SSL to default to as False.
  • Renamed the Create Attachment input parameter to Save Output as HTML Attachment.
  • Added a new playbook, named Create Security Incident.

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the RSA Archer server to which you will connect and perform the automated operations and credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
  • For the Create Record and Update Record operations to work, you must know the how to work with the Field Value parameter, which is explained in the Working with the Field Value parameter section.

Working with the Field Value parameter

This section is optional and only required if you are going to perform the Create Record and Update Record operations. The Create Record and Update Record operations has the Field Value as an input parameter. The Field Value parameter requires to be in the dictionary (dict) format. Following is the explanation of how the Field Value parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value parameter contains a Key-Value pair.

Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module operation to get the Field Name or Field Type values.

Value: You can get the value of the Field Type from the Get Fields Details of Module operation and based on the Field Value Type retrieved following will be the value formats:

  • If Field Value Type is 3 then the value format should be "12/31/2099 11:59AM". If you had specified the field as DateOnly, and you did not specify the time, then the API defaults to 12:00 AM.
    Note: To pass the null value to a Date field, enter a value of "0". For example: {“date” : "0"}
  • If Field Value Type is 4 then to see the values of the list items within the drop-down menu, use the Get Values List Item function. Value should be Value Id, Name, Description, NumericValue or an Alias.
  • If Field Value Type is 8 then the field value contains a dict type. Dict can contain "users" or "groups".
    users: Use the Get All User Details operation to see the usernames or user ids. If you want to add more than one user, you must provide usernames or userids that are comma-separated. For example, "users": "201, 202".
    If you do not want to add any user leave "users" blank.
    groups: Use the Get All Group Details operation to see the group name or group ids. If you want to add more than one group, you must provide group names or group ids that are comma-separated. For example, "groups": "12100, 12101".
    If you do not want to add any group leave "groups" blank.
  • If Field Value Type is 9 then the API populates the value attribute with the contentId of the related record.
  • If Field Value Type is 19 then you can express the IP address as the standard IPv4 address with four octets. For example: "IP Address" = "192.168.0.13".
    You can also express the IP address value as an IPv6 address in both full and short form. For example, the IP address full form: "IP Address" = “0045:0320:0511:0513:0777:0065:0043:0032” or the IP address in the short form: "IP Address"= "46:0:495:0:776:64::"

Example of what you can enter Field Value parameter in the Create Record and Update Record operations as an input:

 

{
"Type_of_Monitoring" : "Trend_Alignment",
"Metric Name" : "tes-matrix-1293",
"Description" : "update-testing--ahsdbgfqhy487435kb",
"Measurement Frequency" : "Daily",
"Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>",
"Metric_Type" : "Key_Risk_Indicator_KRI",
"8014" : {"users" :"202", "groups" : "121231233"},
"Date" : "12/31/2099 11:59AM",
"IP Address" : "192.168.0.13"
}

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the RSA Archer connector and click Configure to configure the following parameters:

 

Parameter Description
Hostname IP address or Hostname of the RSA Archer server.
Port Port number used for connecting to the RSA Archer server.
Instance Name Instance name of the RSA Archer server to which you will connect and perform the automated operations.
Username Username to access the RSA Archer server.
Password Password to access the RSA Archer server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as False.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Get Record Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. search_record
Investigation
Get Details For All Reports Retrieve all the details of all the reports from the RSA Archer server. get_reports
Investigation
Get Records by Report Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. search_records
Investigation
Create Record Creates a record in the RSA Archer module, you have specified. create_record
Investigation
Update Record Updates a record in the RSA Archer server, based on the record ID you have specified. update_record
Investigation
Get Details For All Modules Retrieves all the details of all the modules (applications) from the RSA Archer server. get_app_details
Investigation
Get All Users Details Retrieves all the details of all the users from the RSA Archer server. get_users
Investigation
Get All Groups Details Retrieves all the details of all the groups from the RSA Archer server. get_groups
Investigation
Get Reports Details of Module Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. get_reports
Investigation
Get Fields Details of Module Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. get_fields_detail
Investigation
Get Values List Item Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. get_fields_detail
Investigation

 

operation: Get Record

Input parameters

 

Parameter Description
Record ID ID of the RSA Archer record whose details you want to retrieve.
For example, Record ID: 189.

 

Output

The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.

Following image displays a sample output:

 

Sample output of the Get Record operation

 

operation: Get Details For All Reports

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the reports from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the operation: Get Details For All Reports operation

 

operation: Get Records by Report

Input parameters

 

Parameter Description
Record ReportGUID/ReportName/ReportDescription ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve.
Page Number Page number from which you want to retrieve records.

 

Output

The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.

Following image displays a sample output:

 

Sample output of the Get Records by Report operation

 

operation: Create Record

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record.
The input value of this field must be in the string format.
For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

 

Output

The JSON output contains the IDs of the record you have created on the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Create Record operation

 

operation: Update Record

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Record Content ID ID of the record that you want to update.
For example, Record Content ID: 189.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

 

Output

The JSON output contains the details of the record you have updated on the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Update Record operation

 

operation: Get Details For All Modules

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the modules (applications) from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get Details For All Modules operation

 

operation: Get All Users Details

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the users from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get All Users Details operation

 

operation: Get All Groups Details

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the groups from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get All Groups Details operation

 

operation: Get Reports Details of Module

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.

 

Output

The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get Reports Details of Module operation

 

operation: Get Fields Details of Module

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get Fields Details of Module operation

 

operation: Get Values List Item

Input parameters

 

Parameter Description
Value List Id ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as name of the value, ID of the value, and alias of the value.
For example, Value List ID: 12.

 

Output

The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.

Following image displays a sample output:

 

Sample output of the Get Values List Item operation

 

Included playbooks

The Sample-RSA Archer-1.0.1 playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.

  • Create Record
  • Create Record in Matrix
  • Create Security Incident
  • Get All Groups Details
  • Get All Users Details
  • Get Details For All Modules
  • Get Details For All Reports
  • Get Fields Details of Module
  • Get Record
  • Get Records by Report
  • Get Reports Details of Module
  • Get Values List Item
  • Update Record

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

RSA Archer® Suite enables you to build an effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management and Regulatory and Corporate Compliance.

This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.

 

Version information

Connector Version: 1.0.1

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with RSA Archer Versions: 6.2.0.1 and later

 

Release Notes for version 1.0.1

Following enhancements have been made to the RSA Archer Connector in version 1.0.1:

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

Working with the Field Value parameter

This section is optional and only required if you are going to perform the Create Record and Update Record operations. The Create Record and Update Record operations has the Field Value as an input parameter. The Field Value parameter requires to be in the dictionary (dict) format. Following is the explanation of how the Field Value parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value parameter contains a Key-Value pair.

Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module operation to get the Field Name or Field Type values.

Value: You can get the value of the Field Type from the Get Fields Details of Module operation and based on the Field Value Type retrieved following will be the value formats:

Example of what you can enter Field Value parameter in the Create Record and Update Record operations as an input:

 

{
"Type_of_Monitoring" : "Trend_Alignment",
"Metric Name" : "tes-matrix-1293",
"Description" : "update-testing--ahsdbgfqhy487435kb",
"Measurement Frequency" : "Daily",
"Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>",
"Metric_Type" : "Key_Risk_Indicator_KRI",
"8014" : {"users" :"202", "groups" : "121231233"},
"Date" : "12/31/2099 11:59AM",
"IP Address" : "192.168.0.13"
}

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the RSA Archer connector and click Configure to configure the following parameters:

 

Parameter Description
Hostname IP address or Hostname of the RSA Archer server.
Port Port number used for connecting to the RSA Archer server.
Instance Name Instance name of the RSA Archer server to which you will connect and perform the automated operations.
Username Username to access the RSA Archer server.
Password Password to access the RSA Archer server.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as False.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Get Record Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. search_record
Investigation
Get Details For All Reports Retrieve all the details of all the reports from the RSA Archer server. get_reports
Investigation
Get Records by Report Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. search_records
Investigation
Create Record Creates a record in the RSA Archer module, you have specified. create_record
Investigation
Update Record Updates a record in the RSA Archer server, based on the record ID you have specified. update_record
Investigation
Get Details For All Modules Retrieves all the details of all the modules (applications) from the RSA Archer server. get_app_details
Investigation
Get All Users Details Retrieves all the details of all the users from the RSA Archer server. get_users
Investigation
Get All Groups Details Retrieves all the details of all the groups from the RSA Archer server. get_groups
Investigation
Get Reports Details of Module Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. get_reports
Investigation
Get Fields Details of Module Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. get_fields_detail
Investigation
Get Values List Item Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. get_fields_detail
Investigation

 

operation: Get Record

Input parameters

 

Parameter Description
Record ID ID of the RSA Archer record whose details you want to retrieve.
For example, Record ID: 189.

 

Output

The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.

Following image displays a sample output:

 

Sample output of the Get Record operation

 

operation: Get Details For All Reports

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the reports from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the operation: Get Details For All Reports operation

 

operation: Get Records by Report

Input parameters

 

Parameter Description
Record ReportGUID/ReportName/ReportDescription ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve.
Page Number Page number from which you want to retrieve records.

 

Output

The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.

Following image displays a sample output:

 

Sample output of the Get Records by Report operation

 

operation: Create Record

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record.
The input value of this field must be in the string format.
For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

 

Output

The JSON output contains the IDs of the record you have created on the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Create Record operation

 

operation: Update Record

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Record Content ID ID of the record that you want to update.
For example, Record Content ID: 189.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

 

Output

The JSON output contains the details of the record you have updated on the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Update Record operation

 

operation: Get Details For All Modules

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the modules (applications) from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get Details For All Modules operation

 

operation: Get All Users Details

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the users from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get All Users Details operation

 

operation: Get All Groups Details

Input parameters

 

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of all the groups from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get All Groups Details operation

 

operation: Get Reports Details of Module

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.

 

Output

The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get Reports Details of Module operation

 

operation: Get Fields Details of Module

Input parameters

 

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

 

Output

The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

 

Sample output of the Get Fields Details of Module operation

 

operation: Get Values List Item

Input parameters

 

Parameter Description
Value List Id ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as name of the value, ID of the value, and alias of the value.
For example, Value List ID: 12.

 

Output

The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.

Following image displays a sample output:

 

Sample output of the Get Values List Item operation

 

Included playbooks

The Sample-RSA Archer-1.0.1 playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.