Archer Incident Response Procedures and Tasks do not generate when Threat Category is set outside of RSA Archer
RSA Product Set: Archer
RSA Version/Condition: 6.x
Platform: Windows
Incident Response Procedures and Tasks are not generated as expected when "Threat Category" field data is configured outside of Archer and then sent to Archer.
The out-of-the-box IT Risk solution expects users to configure the "Threat Category" inside of Archer and will not attempt to generate the Incident Response Procedures and Tasks until the "Threat Category" field is changed inside of Archer.
This is further explained by the out-of-the-box configuration that includes the following:
The “Generate Response Tasks” field defaults to “No” on record creation.
There is a Data-Driven Event that sets the “Generate Response Tasks” field to “YES” if the “Threat Category” field is changed.
Only records that have "Generate Response Tasks" set to "YES" will be processed by the out-of-the-box IT Risk data feed that assigns response procedures and tasks to incidents.
Since the Threat Category is being configured outside of Archer and then sent to Archer for the initial record creation, the records should be marked to have their Response Procedures and Tasks added to them immediately after record creation. This can be done by setting the default value of "Generate Response Tasks" to "Yes".
From the Navigation Menu, go to Administration > Application Builder > Manage Applications.
Open the Security Incidents application and select the Fields tab.
Open the Generate Response Tasks field and select the Values tab.