Archer and SIEM integration
I have moved this thread to the https://community.rsa.com/community/products/archer-grc/archer-customer-partner-community?sr=search&searchId=26b8da02-9071-4136-b641-a6711b6bb942&searchIndex=0 so that you can get an answer to your question.
You can find a Splunk integration guide here:
For integration with ArcSight, search for the documents pertaining to the RSA Unified Collector Framework.
May I ask what kind of data you would like to send back from Archer to the SIEM?
We don't have the interface set up in this way. Just one way from SIEM -> Archer.
We integrate Archer with QRadar as our SIEM, but due to a defect with QRadar at the time we didn't get to use the connector framework. So we built our own API application which does the integration. This application checks QRadar every 5 minutes for a new incident and populates it in Archer. It also checks Archer for updated records to then update the QRadar records to keep them in sync on the status. So if your team has the capability to write API applications, that might be the way to go. Hope that helps!
The Splunk Integration guide is for integration of Splunk with RSA NetWitness, not Archer. Did you get value from this document for integrating Splunk with Archer?