000033781 - Archer Incident Respose Procedures and Tasks do not generate when Threat Category is set outside of RSA Archer

Document created by RSA Customer Support Employee on Aug 22, 2016Last modified by RSA Customer Support on Apr 18, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033781
Applies ToRSA Product Set: Archer
RSA Version/Condition: 6.x
Platform: Windows
IssueIncident Response Procedures and Tasks are not generated as expected when "Threat Category" field data is configured outside of Archer and then sent to Archer.
CauseThe out-of-the-box IT Risk solution expects users to configure the "Threat Category" inside of Archer and will not attempt to generate the Incident Response Procedures and Tasks until the "Threat Category" field is changed inside of Archer.

This is further explained by the out-of-the-box configuration that includes the following:
  • “Generate Response Tasks” field is default to “No” on record creation.
  • There is a Data-Driven Event that sets “Generate Response Tasks” field to “YES” if “Threat Category” field is changed.
  • Only records that have "Generate Response Tasks" set to "YES" will be processed by the out-of-the-box IT Risk data feed that assigns response procedures and tasks to incidents.
ResolutionSince the Threat Category is being configured outside of Archer and then sent to Archer for the initial record creation, the records should be marked to have their Response Procedures and Tasks added to them immediately after record creation. This can be done by setting the default value of "Generate Response Tasks" to "Yes".
  1. From Navigation Menu, go to Administration > Application Builder > Manage Applications.
  2. Open the Security Incidents and select the Fields tab.
  3. Open the Generate Response Tasks field and select the Values tab.
  4. Click the "Yes" value.
  5. Click "Select this value by default" option.
  6. Click Save at the top center of the screen.
  7. Click Save in the top left of the screen.