000029172 - RSA Archer SecOps versions and technology compatibility with integrated RSA products

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on May 1, 2019
Version 4

Article Content

Article Number: 000029172

Applies To
RSA Product Set: Archer, Security Analytics

RSA Product/Service Type: SecOps
SecOps Versions: 1.0, 1.1, 1.2
Archer Versions: 5.3.x, 5.4.1, 5.5.x, 5.5.1.x
SA Versions: 10.1, 10.2.2.x, 10.3.1, 10.3.2, 10.3.3, 10.4.x
AIMS Versions: 1.0, 1.1
ACI Versions: 2.0
Issue
This article details version compatibility between SecOps, Archer and Security Analytics.
Note: In SecOps 1.2, RSA introduces SAIM, which is used in Security Analytics to populate incidents in Archer. See the glossary in the resolution section below for further details.

Resolution

Version Compatibility
Archer/ SA10.
5.5.xAIMS 1.1, 
   SecOps 1.1
SecOps 1.1SecOps 1.1SecOps 1.2   
5.5.1.xAIMS 1.1,   SecOps 1.2   
5.5.4.x    SecOps 1.3.1.xSecOps 1.3.1.x    SecOps 1.3.1.xSecOps 1.3.1.x      SecOps
6.3    SecOps 1.3.1.xSecOps 1.3.1.x 

Technology Compatibility

Versions / Technology | Populate Alerts / Incidents | Populate Business Context
SecOps 1.2 | (SA) SAIM service; (Splunk / ArcSight) RCF 2.7 - SecOps plugins | RCF 2.7 - EM plugins

For further information on other Archer Solutions and their version compatibility, please see the community:
RSA Unified Collector Framework versions shipped with SecOps
Start -> Add / Remove Programs and Features
Versions / Technology | RSA Unified Collector Framework Version as reported in Add/Remove Programs and Features


RCF: RSA Connector Framework. It is a Java-based program that hosts various plugins.
AIMS Plugins: A plugin module within RCF. It listens for syslog traffic and populates alert information into Archer.
ACI Plugins: A plugin module within RCF. It pulls Device records from Archer and stores them as CSV. It also acts as a web server from which SA Live retrieves the CSV.
SecOps Plugins: Similar to AIMS plugins, with the added capability to process ESA alerts from SA (RCF 2.7).
EM Plugins: Similar to ACI plugins.
SAIM Service: It includes an instance of a RabbitMQ server. It communicates with the RabbitMQ server on SA using AMQP with SSL. There are two modes of integration: Full mode and Mixed mode. Full mode populates all incidents from SA Incident Management to Archer. Mixed mode allows incident triage within SA as well as population to Archer. It also allows SA to create remediation tasks and populate them to Archer.