Thoughts or questions about RSA's Incident Management solution? Post 'em here!
To get the ball rolling: a common question we get is, "How do you handle data that comes from a SIEM that is not from RSA?"
The RSA Connector Framework will eventually support third-party products and allow you to use Archer to capture the events and present them as incidents. The RCF is a middleware-based solution that will allow the interchange of data between disparate systems. This functionality should be available by fourth quarter 2011.
Thanks, Patrick. Another question: Does the solution take advantage of data that already resides in Archer?
RSA Incident Manager allows you to enrich the incident from enVision with business context that already exists in Archer. Some examples would be adding RSA enVision incident data to Archer Business Processes, Applications, Devices and Applications that are already part of the Archer Enterprise and Incident Management Solutions. This gives you a more complete picture of how the incident can impact your environment and its associated policies, assets and procedures from Archer.
What versions of enVision and Archer does Incident Management work with?
Incident Management 1.0 has been certified with enVision 4.0 SP4 and Archer 4.5. There is a planned release of Incident Management 1.1 in June which will support Archer 5.0.
We have instructions for implementing version 1.0. You can install the application by yourself and PS is not required. Please note that the implementation requires in-depth knowledge of both Archer and enVision. Please send me an email at email@example.com and I will get the materials to you. Version 1.1 for Archer 5.0 is not available until mid-June. Regards,
Yes, it was released at the end of June. The SCOL note is here: https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8983
Thanks, and best regards,