Respond Config: Manage Incidents in Archer Cyber Incident & Breach Response

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Sep 11, 2018
Version 12Show Document
  • View in full screen mode
 

If you want to manage incidents in RSA Archer® Cyber Incident & Breach Response instead of NetWitness Respond, you have to configure system integration settings in the Respond Server service Explore view. After you configure the system integration settings, all incidents are managed in Archer Cyber Incident & Breach Response. Incidents created before the integration will not be managed in Archer Cyber Incident & Breach Response.

Caution: If you are managing incidents in Archer Cyber Incident & Breach Response instead of NetWitness Respond, do not use the following in the Respond view: Incidents List view, Incident Details view, and Tasks List view. Do not create incidents from the Respond Alerts List view or from Investigate.

For more detailed integration information, see the RSA Archer Integration Guide.

Prerequisites

  • Archer Cyber Incident & Breach Response 1.3.1.2 (NetWitness Platform 11.0 will only work with Archer Cyber Incident & Breach Response 1.3.1.2.)

Procedure

Follow this procedure to configure Respond Server service settings to manage incidents in Archer Cyber Incident & Breach Response.

  1. Go to ADMIN > Services, select the Respond Server service, and then select Actions icon > Config > Explore.
  2. In the Explore view node list, select respond/integration/export.
    Respond Server Explore view showing settings for NetWitness SecOps Manager integration
  3. In the archer-exchange-name field, type incidents.archer.
    You will see a notice that the configuration was successfully updated.
  4. In the archer-sec-ops-integration-enabled field, select true.
    You will see a notice that the configuration was successfully updated.
    Incidents will be managed exclusively in Archer Cyber Incident & Breach Response.
Previous Topic:Obfuscate Private Data
You are here
Table of Contents > Additional Procedures for Respond Configuration > Manage Incidents in Archer Cyber Incident & Breach Response

Attachments

    Outcomes