000033019 - Incidents not coming through to RSA Archer from RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033019
Applies ToRSA Product Set: Security Management
RSA Product/Service Type: SecOps
RSA Version/Condition: 1.3
RSA Security Analytics Version: 10.5.1 
RSA Archer: 5.5 SP3 P01 
RSA Unified Connector Framework (UCF): 1.3.0.581 
 
IssueArcher does not receive incidents into Archer from Security Analytics. The below log entry is found in Collector.log
 
15 Apr 2016 17:27:58,289 | ERROR - AbstractQueueListener.executeWorkflow(113) |
org.springframework.amqp.rabbit.listener.ListenerExecutionFailedException: Failed to execute workflow.
at com.rsa.srm.collector.messaging.listener.AbstractQueueListener.executeWorkflow(AbstractQueueListener.java:105)
at com.rsa.srm.collector.messaging.listener.IncidentsQueueListener.onMessage(IncidentsQueueListener.java:35)
at org.springframework.amqp.rabbit.listener.adapter.MessageListenerAdapter.onMessage(MessageListenerAdapter.java:349)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:650)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:576)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.access$001(SimpleMessageListenerContainer.java:78)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$1.invokeListener(SimpleMessageListenerContainer.java:161)
at sun.reflect.GeneratedMethodAccessor146.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:74)
at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:263)
at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:168)
at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
at com.sun.proxy.$Proxy32.invokeListener(Unknown Source)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.invokeListener(SimpleMessageListenerContainer.java:1222)
at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.executeListener(AbstractMessageListenerContainer.java:559)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.doReceiveAndExecute(SimpleMessageListenerContainer.java:995)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.receiveAndExecute(SimpleMessageListenerContainer.java:979)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.access$600(SimpleMessageListenerContainer.java:78)
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1090)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.Throwable
... 27 more
15 Apr 2016 17:28:00,005 | INFO - PasswordAwareSimpleJobLauncher$1.run(98) | Job: [FlowJob: [name=getIncidents]] launched
15 Apr 2016 17:28:00,005 | INFO - ArcherIncidentChangedTasklet.execute(56) | Invoke the Archer Webservices with the Properties object from the chunk Context
15 Apr 2016 17:28:00,005 | INFO - ArcherIncidentChangedTasklet.readFromArcher(73) | Last Time Run for JOB: 1460733960740
15 Apr 2016 17:28:00,005 | INFO - ArcherDataStore.readRecord(1309) | PERF(Archer DS readRecord invoked)
15 Apr 2016 17:28:00,909 | ERROR - ArcherDataStore.readRecord(1441) | Error while getting search ws
javax.xml.ws.soap.SOAPFaultException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.ArgumentException: There was a data type parsing error in the Search Report Request.  String was not recognized as a valid DateTime.
   at ArcherTech.Web.Modules.SearchContent.Services.SearchCriteriaTransformer.TransformSearchReport(String xmlOptions)
   at Security2000.ws.search.ExecuteSearch(String sessionToken, String searchOptions, Int32 pageNumber)
   --- End of inner exception stack trace ---
CauseThe cause of this issue was that the PUSH and PULL accounts were misconfigured on the Archer server. They did not have the locale that is needed as per the Installation and Configuration guide.
 
ResolutionAssign the user the required locale settings as per the SecOps 1.3 installation guide under section 'Create RSA Archer User Accounts for Push and Pull'. Then restart services on the middleware and alerts will populate.
 

Attachments

    Outcomes