Issue | 1. Have a syslog data source sending Alerts over to RSA Archer SecOps 1.3 2. Change the Incident Status field value from "New" to any other value (Assigned for example). 3. Save the Incident Record. 4. Notice when additional Security Events and/or Alerts come through, a new Security Incident is not created. 5. Notice that the Security Event is created but is not associated to any Security Alert or Security Incident. Here is an example of the error reported in the Collector.log file:
14 Mar 2016 15:46:28,909 | ERROR - AbstractStep.execute(225) | Encountered an error executing step sendSylogIncidentToArcher in job pushSyslogEvents com.rsa.connector.framework.components.datastore.archer.exception.ArcherComunicationException: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> The content XXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. The content XXXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.executeMessage(SyslogIncidentAddedTasklet.java:229) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.parseMessage(SyslogIncidentAddedTasklet.java:157) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.execute(SyslogIncidentAddedTasklet.java:121) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:406) at org.springframework.batch.core.step.tasklet.TaskletStep$ChunkTransactionCallback.doInTransaction(TaskletStep.java:330) at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133) at org.springframework.batch.core.step.tasklet.TaskletStep$2.doInChunkContext(TaskletStep.java:271) at org.springframework.batch.core.scope.context.StepContextRepeatCallback.doInIteration(StepContextRepeatCallback.java:77) at org.springframework.batch.repeat.support.RepeatTemplate.getNextResult(RepeatTemplate.java:368) at org.springframework.batch.repeat.support.RepeatTemplate.executeInternal(RepeatTemplate.java:215) at org.springframework.batch.repeat.support.RepeatTemplate.iterate(RepeatTemplate.java:144) at org.springframework.batch.core.step.tasklet.TaskletStep.doExecute(TaskletStep.java:257) at org.springframework.batch.core.step.AbstractStep.execute(AbstractStep.java:198) at org.springframework.batch.core.job.SimpleStepHandler.handleStep(SimpleStepHandler.java:148) at org.springframework.batch.core.job.flow.JobFlowExecutor.executeStep(JobFlowExecutor.java:64) at org.springframework.batch.core.job.flow.support.state.StepState.handle(StepState.java:67) at org.springframework.batch.core.job.flow.support.SimpleFlow.resume(SimpleFlow.java:165) at org.springframework.batch.core.job.flow.support.SimpleFlow.start(SimpleFlow.java:144) at org.springframework.batch.core.job.flow.FlowJob.doExecute(FlowJob.java:134) at org.springframework.batch.core.job.AbstractJob.execute(AbstractJob.java:304) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher$1.run(PasswordAwareSimpleJobLauncher.java:99) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:50) at com.rsa.srm.collector.batch.PasswordAwareSimpleJobLauncher.run(PasswordAwareSimpleJobLauncher.java:93) at com.rsa.srm.collector.syslog.listener.SyslogMessageHandler$QueueWorker.executeWorkflow(SyslogMessageHandler.java:170) at com.rsa.srm.collector.syslog.listener.SyslogMessageHandler$QueueWorker.run(SyslogMessageHandler.java:157) Caused by: javax.xml.ws.soap.SOAPFaultException: Server was unable to process request. ---> The content 318493 in field Security Alerts violates the maximum value of 1 established in the related field. The content XXXXXXX in field Security Alerts violates the maximum value of 1 established in the related field. at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:158) at com.sun.proxy.$Proxy76.createRecord(Unknown Source) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper$CreateRecordCallback.call(ArcherWSHelper.java:721) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.callArcher(ArcherWSHelper.java:399) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:324) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.writeRecord(ArcherWSHelper.java:290) at com.rsa.connector.framework.components.datastore.archer.ArcherWSHelper.createRecord(ArcherWSHelper.java:213) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.putData(ArcherDataStore.java:594) at com.rsa.connector.framework.components.datastore.archer.ArcherDataStore.handleData(ArcherDataStore.java:443) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.aop.framework.adapter.AfterReturningAdviceInterceptor.invoke(AfterReturningAdviceInterceptor.java:52) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207) at com.sun.proxy.$Proxy28.handleData(Unknown Source) at com.rsa.srm.collector.messaging.batch.SyslogIncidentAddedTasklet.executeMessage(SyslogIncidentAddedTasklet.j |