000030828 - Archer: Security Incident not sending to SecOps

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000030828
Applies To:
RSA Product Set: Archer SecOps
RSA Product/Service Type: Archer SecOps
RSA Version/Condition: Archer 5.4 SP1 SecOps 1.1
Platform: Windows server
O/S Version: 2008 R2
Product Name: Archer SecOps
Product Description: Archer SecOps
Issue: After logs were purged from SecOps, no security incidents have come in. Events and alerts are still received in SecOps.
 
Cause: One or more fields are set as required in the security incident application in Archer. The following error appears many times in the rsa_connector_n.log file:
Jul 23, 2015 9:56:29 AM com.rsa.connector.framework-ACS
SEVERE: esa - Error occured while handling incoming data
org.apache.felix.log.LogException: javax.xml.ws.WebServiceException: org.apache.cxf.binding.soap.SoapFault: Server was unable to process request. ---> The <field_name> field is a required field.
 at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:144)
 at $Proxy55.createRecord(Unknown Source)
 at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper$CreateRecordCallback.call(ArcherWSHelper.java:720)
 at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.callArcher(ArcherWSHelper.java:397)
 at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:322)
 at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.writeRecord(ArcherWSHelper.java:288)
 at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:211)
 at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.putData(ArcherDataStore.java:488)
 at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.handleData(ArcherDataStore.java:386)
 at com.rsa.connector.plugin.soc.SOCManagementService.onApplicationDataReceived(SOCManagementService.java:67)
 at com.rsa.connector.plugin.service.AbstractRsaConnectorService.processDataHandlingRequest(AbstractRsaConnectorService.java:99)
 at com.rsa.connector.framework.plugin.ApplicationRequestHandler.execute(ApplicationRequestHandler.java:177)
 at com.rsa.connector.framework.plugin.ApplicationRequestHandler.access$400(ApplicationRequestHandler.java:30)
 at com.rsa.connector.framework.plugin.ApplicationRequestHandler$QueueWorker.run(ApplicationRequestHandler.java:249)
Caused by: org.apache.felix.log.LogException: org.apache.cxf.binding.soap.SoapFault: Server was unable to process request. ---> The Team Escalated To field is a required field.
 at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
 at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
 at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
 at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
 at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
 at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
 at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:700)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2261)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2134)
 at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1988)
 at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
 at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:639)
 at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
 at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:487)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
 at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
 at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
 at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
 ... 13 more
 
Resolution: Uncheck the required setting on the field. Security incidents are then received by SecOps.
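
To see which field or fields are blocking record creation before changing the application, the required-field faults in rsa_connector_n.log can be tallied per field. The script below is an added example, not RSA's code; it assumes the log entries follow the format of the excerpt above, and the function name, the sample lines and the "Incident Owner" field are constructed for illustration.

```python
import re
from datetime import datetime

# Entry header as in the excerpt: "Jul 23, 2015 9:56:29 AM <logger name>"
HEADER = re.compile(r"^([A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ")
# Fault text Archer returns when createRecord is rejected for a missing value
REQUIRED = re.compile(r"SoapFault: .*?The (.+?) field is a required field\.")

def required_field_faults(lines):
    """Map each blocking field to its fault count and first/last timestamps."""
    stats, stamp, seen = {}, None, set()
    for line in lines:
        header = HEADER.match(line)
        if header:  # a new log entry starts; reset per-entry de-duplication
            stamp = datetime.strptime(header.group(1), "%b %d, %Y %I:%M:%S %p")
            seen = set()
            continue
        fault = REQUIRED.search(line)
        if not fault or stamp is None:
            continue
        field = fault.group(1)
        # Skip redacted placeholders such as <field_name>, and the "Caused by:"
        # line that repeats the same fault inside one entry.
        if field.startswith("<") or field in seen:
            continue
        seen.add(field)
        entry = stats.setdefault(field, {"count": 0, "first": stamp, "last": stamp})
        entry["count"] += 1
        entry["first"] = min(entry["first"], stamp)
        entry["last"] = max(entry["last"], stamp)
    return stats

# Constructed sample in the excerpt's format; "Incident Owner" is a made-up field.
FAULT = ("org.apache.felix.log.LogException: org.apache.cxf.binding.soap.SoapFault: "
         "Server was unable to process request. ---> The {} field is a required field.")
SAMPLE_LOG = "\n".join([
    "Jul 23, 2015 9:56:29 AM com.rsa.connector.framework-ACS",
    "SEVERE: esa - Error occured while handling incoming data",
    FAULT.format("<field_name>"),
    "Caused by: " + FAULT.format("Team Escalated To"),
    "Jul 23, 2015 1:02:10 PM com.rsa.connector.framework-ACS",
    FAULT.format("Team Escalated To"),
    "Caused by: " + FAULT.format("Team Escalated To"),
    "Jul 24, 2015 8:15:00 AM com.rsa.connector.framework-ACS",
    FAULT.format("Incident Owner"),
]).splitlines()

if __name__ == "__main__":
    for name, s in sorted(required_field_faults(SAMPLE_LOG).items()):
        print(f"{name}: {s['count']} rejected record(s), {s['first']} to {s['last']}")
```

The first timestamp per field shows when incidents started being rejected, which can be compared with the time of the purge.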
