on Jun 14, 2016Article Content
| Article Number | 000031717 |
| Applies To | RSA Product Set: Archer, Security Management RSA Product/Service Type: SecOps RSA Version/Condition: 1.2 |
| Issue | Alerts are making it into the Archer SecOps solution, but aggregation is not occurring to append the alerts to incidents. Archer W3WP log error: <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>0</EventID> <Type>3</Type> <SubType Name="Error">0</SubType> <Level>2</Level> <TimeCreated SystemTime="2015-11-10T19:28:26.7390408Z" /> <Source Name="Archer.NET" /> <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" /> <Execution ProcessName="w3wp" ProcessID="3548" ThreadID="64" /> <AssemblyVersion>5.5.30002.1001</AssemblyVersion> <Channel /> <Computer>XXXXXXXXXXXX</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord"> <TraceIdentifier>Archer.NET</TraceIdentifier> <Description>Server was unable to process request.</Description> <AppDomain>/LM/W3SVC/1/ROOT-1-130915803693497114</AppDomain> <Exception> <ExceptionType>System.Web.Services.Protocols.SoapException, System.Web.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</ExceptionType> <Message>Server was unable to process request.</Message> <Source /> <StackTrace /> <InnerException> <ExceptionType>System.Exception, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType> <Message>Other text is required for field SAIM Priority.</Message> <Source>Security2000</Source> <StackTrace> at Security2000.ws.record.CreateRecord(SessionContext sessionContext, Content content, Nullable`1 subformFieldId) at Security2000.ws.record.CreateRecord(String sessionToken, XmlNode recordNode, Nullable`1 subformFieldId) at Security2000.ws.record.CreateRecord(String sessionToken, Int32 moduleId, String fieldValues)</StackTrace> </InnerException> </Exception> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent> Error in Collector.log (SA IM middleware server): 10 Nov 2015 13:54:25,471 | ERROR - ArcherDataStoreTasklet.pushToArcher(413) | Exception occured org.springframework.jms.listener.adapter.ListenerExecutionFailedException: Failed when communicating with Archer; nested exception is javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> Other text is required for field SAIM Priority. at com.rsa.srm.collector.messaging.batch.ArcherDataStoreTasklet.pushToArcher(ArcherDataStoreTasklet.java:403) at com.rsa.srm.collector.messaging.batch.ArcherIncidentAddedTasklet.execute(ArcherIncidentAddedTasklet.java:203) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:395) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:130) at org.springframework.batch.core.step.tasklet.TaskletStep$2.doInChunkContext(TaskletStep.java:267) at org.springframework.batch.core.scope.context.StepContextRepeatCallback.doInIteration(StepContextRepeatCallback.java:77) at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:368) at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:215) at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:144) at org.springframework.batch.core.step.tasklet.TaskletStep.doExecute(TaskletStep.java:253) at org.springframework.batch.core.step.AbstractStep.execute(AbstractStep.java:195) at org.springframework.batch.core.job.SimpleStepHandler.handleStep(SimpleStepHandler.java:137) at org.springframework.batch.core.job.flow.JobFlowExecutor.executeStep(JobFlowExecutor.java:64) at org.springframework.batch.core.job.flow.support.state.StepState.handle(StepState.java:60) at org.springframework.batch.core.job.flow.support.SimpleFlow.resume(SimpleFlow.java:152) at org.springframework.batch.core.job.flow.support.SimpleFlow.start(SimpleFlow.java:131) at org.springframework.batch.core.job.flow.FlowJob.doExecute(FlowJob.java:135) at org.springframework.batch.core.job.AbstractJob.execute(AbstractJob.java:301) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher$1.run(PasswordAwareSimpleJobLauncher.java:99) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:48) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher.run(PasswordAwareSimpleJobLauncher.java:93) at com.rsa.srm.collector.messaging.listener.AbstractQueueListener.executeWorkflow(AbstractQueueListener.java:193) at com.rsa.srm.collector.messaging.listener.IncidentsQueueListener.onMessage(IncidentsQueueListener.java:34) at org.springframework.amqp.rabbit.listener.adapter.MessageListenerAdapter.onMessage(MessageListenerAdapter.java:349) at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:650) at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:576) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.access$001(SimpleMessageListenerContainer.java:78) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$1.invokeListener(SimpleMessageListenerContainer.java:161) at sun.reflect.GeneratedMethodAccessor136.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.retry.interceptor.RetryOperationsInterceptor$1.doWithRetry(RetryOperationsInterceptor.java:69) at org.springframework.retry.support.RetryTemplate.doExecute(RetryTemplate.java:255) at org.springframework.retry.support.RetryTemplate.execute(RetryTemplate.java:162) at org.springframework.retry.interceptor.RetryOperationsInterceptor.invoke(RetryOperationsInterceptor.java:87) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy21.invokeListener(Unknown Source) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.invokeListener(SimpleMessageListenerContainer.java:1177) at org.springframework.amqp.rabbit.listener.AbstractMessageListenerContainer.executeListener(AbstractMessageListenerContainer.java:559) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.doReceiveAndExecute(SimpleMessageListenerContainer.java:950) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.receiveAndExecute(SimpleMessageListenerContainer.java:934) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.access$600(SimpleMessageListenerContainer.java:78) at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1045) at java.lang.Thread.run(Unknown Source) Caused by: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> Other text is required for field SAIM Priority. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157) at com.sun.proxy.$Proxy67.createRecord(Unknown Source) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper$CreateRecordCallback.call(ArcherWSHelper.java:720) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.callArcher(ArcherWSHelper.java:397) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:322) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.writeRecord(ArcherWSHelper.java:288) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:211) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.putData(ArcherDataStore.java:568) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.handleData(ArcherDataStore.java:447) at com.rsa.srm.collector.messaging.batch.ArcherDataStoreTasklet.pushToArcher(ArcherDataStoreTasklet.java:393) ... 47 more Caused by: org.apache.cxf.binding.soap.SoapFault: Server was unable to process request. ---> Other text is required for field SAIM Priority. at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:84) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:51) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:40) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:845) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1624) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1513) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1318) at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56) at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:223) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:570) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:479) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:135) |
| Resolution | To resolve the issue, remove the "Require users to enter supporting information when they select this value" option for any values in the "SAIM Priority" values list field in the Security Incident application:
|
| Notes | A similar issue can occur with other fields as well. Be careful when configuring a field to be "required" for modules in the Security Operations Management solution. If a required field is not being populated by the record creation via the API then the record creation will fail for those records. Aggregation of alerts to incidents may not occur either. |