Fortinet Document Library

Version:


Table of Contents

1.0.2
Copy Link

About the connector

RSA Archer® Suite enables you to build effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management, and Regulatory and Corporate Compliance.

This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.

Version information

Connector Version: 1.0.2

FortiSOAR™ Version Tested on: 4.11.0-1161

RSA Archer Version Tested on: 6.2.0.1

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.0.2

Following enhancements have been made to the RSA Archer Connector in version 1.0.2:

  • Added the IIS Virtual Path as a configuration parameter.
  • Updated the name of the configuration parameter from Hostname to Server URL.

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-rsa-archer

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the RSA Archer server to which you will connect and perform the automated operations and credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
  • For the Create Record and Update Record operations to work, you must know the how to work with the Field Value parameter, which is explained in the Working with the Field Value parameter section.

Working with the Field Value Parameter

This section is optional and only required if you are going to perform the Create Record and Update Record operations. The Create Record and Update Record operations have the Field Value as an input parameter. The Field Value parameter requires to be in the dictionary (dict) format. Following is the explanation of how the Field Value parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value parameter contains a Key-Value pair.

Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module operation to get the Field Name or Field Type values.

Value: You can get the value of the Field Type from the Get Fields Details of Module operation and based on the Field Value Type retrieved following will be the value formats:

  • If Field Value Type is 3, then the value format should be "12/31/2099 11:59AM". If you had specified the field as DateOnly, and you did not specify the time, then the API defaults to 12:00 AM.
    Note: To pass the null value to a Date field, enter a value of "0". For example: {“date” : "0"}
  • If Field Value Type is 4 then to see the values of the list items within the drop-down menu, use the Get Values List Item function. Value should be Value Id, Name, Description, NumericValue or an Alias.
  • If Field Value Type is 8, then the field value contains a dict type. Dict can contain "users" or "groups."
    users: Use the Get All User Details operation to see the usernames or user ids. If you want to add more than one user, you must provide usernames or userids that are comma-separated. For example, "users": "201, 202".
    If you do not want to add any user leave "users" blank.
    groups: Use the Get All Group Details operation to see the group name or group ids. If you want to add more than one group, you must provide group names or group ids that are comma-separated. For example, "groups": "12100, 12101".
    If you do not want to add any group, leave "groups" blank.
  • If Field Value Type is 9, then the API populates the value attribute with the contentId of the related record.
  • If Field Value Type is 19, then you can express the IP address as the standard IPv4 address with four octets. For example: "IP Address" = "192.168.0.13".
    You can also express the IP address value as an IPv6 address in both full and short form. For example, the IP address full form: "IP Address" = “0045:0320:0511:0513:0777:0065:0043:0032” or the IP address in the short form: "IP Address"= "46:0:495:0:776:64::"

Example of what you can enter Field Value parameter in the Create Record and Update Record operations as an input:

{
"Type_of_Monitoring" : "Trend_Alignment",
"Metric Name" : "tes-matrix-1293",
"Description" : "update-testing--ahsdbgfqhy487435kb",
"Measurement Frequency" : "Daily",
"Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>",
"Metric_Type" : "Key_Risk_Indicator_KRI",
"8014" : {"users" :"202", "groups" : "121231233"},
"Date" : "12/31/2099 11:59AM",
"IP Address" : "192.168.0.13"
}

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the RSA Archer connector row, and in the Configuration tab enter the required configuration details.

Parameter Description
Server URL IP address or URL of the RSA Archer server to which you will connect and perform the automated operations.
Port Port number used for connecting to the RSA Archer server.
Instance Name Instance name of the RSA Archer server to which you will connect and perform the automated operations.
Username Username to access the RSA Archer server.
Password Password to access the RSA Archer server.
IIS Virtual Path Virtual Path configured in the IIS Manager.
RSA Archer is hosted in IIS Manager and the IIS Virtual path is configured on "/RSArcher", as seen in the following screenshot:
 
The IIS Virtual Path is used to create the base URL. For example, if your IP is xx.xx.xx.xx1, then the base URL will be created as https://xx.xx.xx.xx1/<IIS Virtual Path>.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Get Record Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. search_record
Investigation
Get Details For All Reports Retrieve all the details of all the reports from the RSA Archer server. get_reports
Investigation
Get Records by Report Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. search_records
Investigation
Create Record Creates a record in the RSA Archer module, you have specified. create_record
Investigation
Update Record Updates a record in the RSA Archer server, based on the record ID you have specified. update_record
Investigation
Get Details For All Modules Retrieves all the details of all the modules (applications) from the RSA Archer server. get_app_details
Investigation
Get All Users Details Retrieves all the details of all the users from the RSA Archer server. get_users
Investigation
Get All Groups Details Retrieves all the details of all the groups from the RSA Archer server. get_groups
Investigation
Get Reports Details of Module Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. get_reports
Investigation
Get Fields Details of Module Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. get_fields_detail
Investigation
Get Values List Item Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. get_fields_detail
Investigation

operation: Get Record

Input parameters

Parameter Description
Record ID ID of the RSA Archer record whose details you want to retrieve.
For example, Record ID: 189.

Output

The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.

Following image displays a sample output:

Sample output of the Get Record operation

operation: Get Details For All Reports

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the reports from the RSA Archer server.

Following image displays a sample output:

Sample output of the operation: Get Details For All Reports operation

operation: Get Records by Report

Input parameters

Parameter Description
Record ReportGUID/ReportName/ReportDescription ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve.
Page Number Page number from which you want to retrieve records.

Output

The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.

Following image displays a sample output:

Sample output of the Get Records by Report operation

operation: Create Record

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record.
The input value of this field must be in the string format.
For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

Output

The JSON output contains the IDs of the record you have created on the RSA Archer server.

Following image displays a sample output:

Sample output of the Create Record operation

operation: Update Record

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Record Content ID ID of the record that you want to update.
For example, Record Content ID: 189.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

Output

The JSON output contains the details of the record you have updated on the RSA Archer server.

Following image displays a sample output:

Sample output of the Update Record operation

operation: Get Details For All Modules

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the modules (applications) from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get Details For All Modules operation

operation: Get All Users Details

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the users from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get All Users Details operation

operation: Get All Groups Details

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the groups from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get All Groups Details operation

operation: Get Reports Details of Module

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.

Output

The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get Reports Details of Module operation

operation: Get Fields Details of Module

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get Fields Details of Module operation

operation: Get Values List Item

Input parameters

Parameter Description
Value List Id ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as the name of the value, the ID of the value, and the alias of the value.
For example, Value List ID: 12.

Output

The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.

Following image displays a sample output:

Sample output of the Get Values List Item operation

Included playbooks

The Sample-RSA Archer-1.0.2 playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.

  • Create Record
  • Create Record in Metrics
  • Create Security Incident
  • Get All Groups Details
  • Get All Users Details
  • Get Details For All Modules
  • Get Details For All Reports
  • Get Fields Details of Module
  • Get Record
  • Get Records by Report
  • Get Reports Details of Module
  • Get Values List Item
  • Update Record

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

RSA Archer® Suite enables you to build effective and collaborative enterprise governance, risk and compliance solutions across domains, including Security Risk Management, Operational Risk Management, and Regulatory and Corporate Compliance.

This document provides information about the RSA Archer connector, which facilitates automated interactions, with an RSA Archer server using FortiSOAR™ playbooks. Add the RSA Archer connector as a step in FortiSOAR™ playbooks and perform automated operations, such as getting all the information for a record or a report.

Version information

Connector Version: 1.0.2

FortiSOAR™ Version Tested on: 4.11.0-1161

RSA Archer Version Tested on: 6.2.0.1

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.0.2

Following enhancements have been made to the RSA Archer Connector in version 1.0.2:

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-rsa-archer

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

Working with the Field Value Parameter

This section is optional and only required if you are going to perform the Create Record and Update Record operations. The Create Record and Update Record operations have the Field Value as an input parameter. The Field Value parameter requires to be in the dictionary (dict) format. Following is the explanation of how the Field Value parameter works and how you must enter the value for this parameter in FortiSOAR™. A Fields Value parameter contains a Key-Value pair.

Key: The Key contains the Field Name or Field Alias or Field ID.
Use the Get Fields Details of Module operation to get the Field Name or Field Type values.

Value: You can get the value of the Field Type from the Get Fields Details of Module operation and based on the Field Value Type retrieved following will be the value formats:

Example of what you can enter Field Value parameter in the Create Record and Update Record operations as an input:

{
"Type_of_Monitoring" : "Trend_Alignment",
"Metric Name" : "tes-matrix-1293",
"Description" : "update-testing--ahsdbgfqhy487435kb",
"Measurement Frequency" : "Daily",
"Trend_Expectation" : "<html><head></head><body style=\"font-family: 'Arial'\"></body></html>",
"Metric_Type" : "Key_Risk_Indicator_KRI",
"8014" : {"users" :"202", "groups" : "121231233"},
"Date" : "12/31/2099 11:59AM",
"IP Address" : "192.168.0.13"
}

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the RSA Archer connector row, and in the Configuration tab enter the required configuration details.

Parameter Description
Server URL IP address or URL of the RSA Archer server to which you will connect and perform the automated operations.
Port Port number used for connecting to the RSA Archer server.
Instance Name Instance name of the RSA Archer server to which you will connect and perform the automated operations.
Username Username to access the RSA Archer server.
Password Password to access the RSA Archer server.
IIS Virtual Path Virtual Path configured in the IIS Manager.
RSA Archer is hosted in IIS Manager and the IIS Virtual path is configured on "/RSArcher", as seen in the following screenshot:
 
The IIS Virtual Path is used to create the base URL. For example, if your IP is xx.xx.xx.xx1, then the base URL will be created as https://xx.xx.xx.xx1/<IIS Virtual Path>.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Get Record Retrieves all the details about a record from the RSA Archer server, based on the record ID that you have specified. search_record
Investigation
Get Details For All Reports Retrieve all the details of all the reports from the RSA Archer server. get_reports
Investigation
Get Records by Report Retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description. search_records
Investigation
Create Record Creates a record in the RSA Archer module, you have specified. create_record
Investigation
Update Record Updates a record in the RSA Archer server, based on the record ID you have specified. update_record
Investigation
Get Details For All Modules Retrieves all the details of all the modules (applications) from the RSA Archer server. get_app_details
Investigation
Get All Users Details Retrieves all the details of all the users from the RSA Archer server. get_users
Investigation
Get All Groups Details Retrieves all the details of all the groups from the RSA Archer server. get_groups
Investigation
Get Reports Details of Module Retrieves all the details of all the reports for the specified module (application) from the RSA Archer server. get_reports
Investigation
Get Fields Details of Module Retrieves all the details of the all the fields for the specified module (application) from the RSA Archer server. get_fields_detail
Investigation
Get Values List Item Retrieves all the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified. get_fields_detail
Investigation

operation: Get Record

Input parameters

Parameter Description
Record ID ID of the RSA Archer record whose details you want to retrieve.
For example, Record ID: 189.

Output

The JSON output contains all the details about the RSA Archer record, based on the record ID that you have specified.

Following image displays a sample output:

Sample output of the Get Record operation

operation: Get Details For All Reports

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the reports from the RSA Archer server.

Following image displays a sample output:

Sample output of the operation: Get Details For All Reports operation

operation: Get Records by Report

Input parameters

Parameter Description
Record ReportGUID/ReportName/ReportDescription ID, GUID, Name, or Description of the RSA Archer report whose records you want to retrieve.
Page Number Page number from which you want to retrieve records.

Output

The JSON output retrieves all the records from the RSA Archer server that have been referenced in the report you have specified by the Report ID, GUID, Name, or Description.

Following image displays a sample output:

Sample output of the Get Records by Report operation

operation: Create Record

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to create the record.
The input value of this field must be in the string format.
For example: Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

Output

The JSON output contains the IDs of the record you have created on the RSA Archer server.

Following image displays a sample output:

Sample output of the Create Record operation

operation: Update Record

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Record Content ID ID of the record that you want to update.
For example, Record Content ID: 189.
Field Values This parameter must be in the dict format and contains a Key-Value pair. For more information, see the Working with the Field Value parameter section.

Output

The JSON output contains the details of the record you have updated on the RSA Archer server.

Following image displays a sample output:

Sample output of the Update Record operation

operation: Get Details For All Modules

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the modules (applications) from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get Details For All Modules operation

operation: Get All Users Details

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the users from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get All Users Details operation

operation: Get All Groups Details

Input parameters

Parameter Description
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of all the groups from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get All Groups Details operation

operation: Get Reports Details of Module

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.

Output

The JSON output contains all the details of all the reports for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get Reports Details of Module operation

operation: Get Fields Details of Module

Input parameters

Parameter Description
Module ID/Name/Alias ID, Name, or Alias of the RSA Archer module (application) in which you want to update the record.
The input value of this field must be in the string format.
For example, Module ID/Name/Alias: "189" Or Module ID/Name/Alias: '189'.
Save Output as HTML Attachment (Optional) Select the Save Output as HTML Attachment check box, if in addition to the JSON output you also want to add the contents of the output to an HTML file and add that HTML file to the Attachments Module in FortiSOAR™.

Output

The JSON output contains all the details of the all the fields for the specified module (application) from the RSA Archer server.

Following image displays a sample output:

Sample output of the Get Fields Details of Module operation

operation: Get Values List Item

Input parameters

Parameter Description
Value List Id ID of the RSA Archer Value List for which you want to retrieve the corresponding values of its drop-down items. The values include information such as the name of the value, the ID of the value, and the alias of the value.
For example, Value List ID: 12.

Output

The JSON output contains the list values (values of the list items within a drop-down list) from the RSA Archer server, based on the Value List ID that you have specified.

Following image displays a sample output:

Sample output of the Get Values List Item operation

Included playbooks

The Sample-RSA Archer-1.0.2 playbook collection comes bundled with the RSA Archer connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the RSA Archer connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.