000029172 - RSA SecOps versions and technology compatibility with integrated RSA products

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000029172

Applies To:
RSA Product Set: Archer, Security Analytics
RSA Product/Service Type: SecOps
SecOps Versions: 1.0, 1.1, 1.2
Archer Versions: 5.3.x, 5.4.1, 5.4.1.1, 5.5.x, 5.5.1.x
SA Versions: 10.1, 10.2.2.x, 10.3.1, 10.3.2, 10.3.3, 10.4.x
AIMS Versions: 1.0, 1.1
ACI Versions: 2.0

Issue: This article details version compatibility between SecOps, Archer and SA.
 
Note: In SecOps 1.2, RSA introduces SAIM, which is used in Security Analytics to populate incidents in Archer. See the glossary in the resolution section below for further details.
Tasks
 
Resolution

Version Compatibility

| Archer / SA | 10.1 | 10.2.2.x | 10.3.0 | 10.3.1 | 10.3.2 | 10.3.3 | 10.4.x |
|---|---|---|---|---|---|---|---|
| 5.3.x | AIMS 1.0 | | | | | | |
| 5.4.1 | | AIMS 1.1, SecOps 1.0, SecOps 1.1 | AIMS 1.1, SecOps 1.1 | AIMS 1.1, SecOps 1.1 | SecOps 1.1 | SecOps 1.1 | |
| 5.4.1.1 | | AIMS 1.1, SecOps 1.0 | AIMS 1.1 | AIMS 1.1 | | | SecOps 1.2 |
| 5.5.x | | AIMS 1.1, SecOps 1.0, SecOps 1.1 | AIMS 1.1, SecOps 1.1 | AIMS 1.1, SecOps 1.1 | SecOps 1.1 | SecOps 1.1 | SecOps 1.2 |
| 5.5.1.x | | AIMS 1.1, SecOps 1.0 | AIMS 1.1 | AIMS 1.1 | | | SecOps 1.2 |

Technology Compatibility
| Versions / Technology | Populate Alerts / Incidents | Populate Business Context |
|---|---|---|
| AIMS 1.0 | RCF 2.5 - AIMS plugins | RCF 2.5 - ACI plugins |
| AIMS 1.1 | RCF 2.5 - AIMS plugins | RCF 2.5 - ACI plugins |
| SecOps 1.0 | RCF 2.6 - SecOps plugins | RCF 2.6 - EM plugins |
| SecOps 1.1 | RCF 2.7 - SecOps plugins | RCF 2.7 - EM plugins |
| SecOps 1.2 | (SA) SAIM service; (Splunk / ArcSight) RCF 2.7 - SecOps plugins | RCF 2.7 - EM plugins |

For further information on other Archer Solutions and their version compatibility, please see the community:
https://community.emc.com/docs/DOC-26715
 
Glossary:
RCF: RSA Connector Framework. It is a Java-based program that facilitates various plugins.
AIMS Plugins: A plugin module within RCF. It listens to Syslog traffic and populates Alert information to Archer.
ACI Plugins: A plugin module within RCF. It pulls Device records from Archer and stores them as CSV. It also acts as a web server from which SA Live retrieves the CSV.
SecOps Plugins: Similar to AIMS plugins, with the added capability to process ESA alerts from SA (RCF 2.7).
EM Plugins: Similar to ACI plugins.
SAIM Service: It includes an instance of a RabbitMQ server. It communicates with the RabbitMQ server on SA using AMQP with SSL. There are two modes of integration, Full mode and Mixed mode. Full mode populates all incidents from SA Incident Management to Archer. Mixed mode allows for incident triage within SA as well as populating incidents to Archer. It also allows SA to create remediation tasks and populate them to Archer.
