Maximizing SA-IM meta fields in event view

Question asked by kPaz69O9iFmkfmHp4zoBPAkBdhFrUPI9g5is5UumuUI= on Jan 26, 2016
Latest reply on Jan 28, 2016 by kPaz69O9iFmkfmHp4zoBPAkBdhFrUPI9g5is5UumuUI=

Hello,

I'm very frustrated with trying to connect SA-IM 10.5.x to Archer SecOps 1.3.

I'm stuck on the SA side, where I have to add the relevant meta keys to the SA-IM JSON script that sits at opt/rsa/im/scripts/core-alerts.js

I tried adding JSON lines for new metas, but what it did was break SA-IM (it stopped working after saving and restarting the service).

I contacted support (both of SA and Archer; both of them have no idea what I'm talking about).

I tried to reach PS and they will visit really soon, next month, but I'd really like to start working on that before they arrive.

Basically, before editing the UCF and Archer itself, I have to make the SA-IM ready with the base fields (metas) that I'd like to use.

The script that I noted before controls the view of the event in the SA-IM GUI itself.

If you go to an incident and press on it twice till you get to the event, and then press on the red wheel and view event details, you will see some basic fields.

Please let me know if you have any idea how to work it out, if you have done it before.
