000034459 - Archer Finding Status does not match between Vulnerability Analytics and RSA Archer

Document created by RSA Customer Support Employee on Dec 9, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034459
Applies ToRSA Product Set: Security Management
RSA Product/Service Type: Vulnerability Risk Management
RSA Version/Condition: 1.2
IssueThe status of the Finding in Archer does not match the status of the same Finding in the RSA Vulnerability Analytics software.
CauseThe synchronization job between the Findings application in Archer and the Vulnerability Analytics software requires specific values in specific fields in the Archer application for the synchronization to be successful.  Additionally, it is designed to identify certain values in the fields of the record to determine whether or not a finding needs to be synchronized between the software applications.
Interference with these fields, by changing the field configuration or by changing the record data outside of the designed functionality, may causes synchronization to fail for some, or all records.
ResolutionThe following fields in the Findings application of Archer must not be set by any other non-user process other than the out-of-the-box Workflows, Calculations and Data Driven Events provided with the Vulnerability Risk Management solution:
  • Due Date
  • State
  • Status
  • VRM Process Record Flag
Additionally, the same applies to any fields that are referenced by, or related to the above fields.
If there are any Findings records that are not synchronizing properly that have been updated by a Data Feed, or another non-user process outside of the out-of-the-box designed functionality of Vulnerability Risk Management, please inactivate the process to resolve the synchronization issue.
WorkaroundWe have not done any validation testing in regards to running Data Feeds to update Findings that are related to the Vulnerability Analytics workflow, either directly or indirectly. You will need to do your own testing to make sure that they do not interfere with the regular Vulnerability Analytics workflow jobs and correct the Data Feeds or jobs so that they do not interfere with designed functionality.