Archer Integ: Troubleshoot RSA Archer Integration

Document created by RSA Information Design and Development on Oct 11, 2017Last modified by RSA Information Design and Development on Oct 17, 2017
Version 3Show Document
  • View in full screen mode
  

This section provides resolutions to common problems that you may encounter while configuring Archer SecOps 1.3.1.2 with NetWitness Suite Respond. 

Setting the CA Truststore

Problem: After adding the endpoint for NetWitness Suite Respond, the CA truststore fails to set.

Resolution: 

  1. Ensure that the SSH credentials for the NetWitness Suite host are valid.
  2. If the credentials are correct, but the error still occurs, manually copy certificates.

Remediation Tasks in RSA Archer Security Operations Manager

Problem: Remediation Tasks being pushed to the operations queue through the UCF are not appearing in RSA Archer Security Operations Management as Findings. 

Resolution:

  1. Open the Connection Manager:
    • Open a command prompt
    • Change directories to <install_dir>\SA IM integration service\data-collector.
    • Type: runConnectionManager.bat
  2. Enter 2 to edit endpoint.
  3. Enter 3 to NetWitness Suite Respond.
  4. Ensure the Target Queue is set to All or Operations.

Errors between RSA NetWitness Suite and RSA Unified Collector Framework

Problem: In the <install_dir>\SA IM integration service\logs\collector.log, there are SSL errors between RSA NetWitness Suite and RSA Unified Collector Framework.

Resolution:

  1. Verify that the SSL certificates are valid.
  2. Note: NetWitness Suite Respond certificates are valid for two years. 

  3. If your certificates are expired, regenerate and copy the expired certificates.

To regenerate and copy the certificates, do the following:

  1. In Command Prompt, go to <install_dir>\SA IM integration service\data-collector.
  2. Enter: runConnectionManager.bat
  3. Enter the number for Regenerate SA IM Integration Service Certificate.

  4. In the NetWitness Suite Respond endpoint, in Connection Manager, enter the number for Edit Endpoint.

  5. Enter Yes to copy the certificates automatically to the NetWitness Suite trust store.

Note: If certificates fail to copy, manually copy the certificates.

You are here
Table of Contents > Troubleshoot RSA Archer Integration

Attachments

    Outcomes