Getting Data In

How do I send events from SPLUNK to be sent to RSA archer?

ofernandes
Engager

Hello everyone,

I am looking so send events from SPLUNK to be sent to RSA archer. does anyone have an idea what the best way to do it would be?

Thanks,
Oliver

Tags (3)

david09
Loves-to-Learn

Hi Everyone,

Administrators can integrate RSA NetWitness Suite with RSA NetWitness Security Operations (SecOps) Manager to send alerts and incidents from NetWitness Suite to Archer for incident management and remediation. This guide provides a high-level workflow for configuring this integration.

System integration brings different programs together to work smoothly without interfering with each other or demanding duplicate actions from the users so that data can flow seamlessly and uninterruptedly. For more information about Integration with RSA Archer.

Click here: RSA Archer Training

I hope it solves your issue.

Regards,

David

0 Karma

volkerstrecke
New Member

Here are some updated links:

Updated Links:

Splunk Technology Integration to RSA Netwitness (Security Analytics) (Event Source Configuration) (which then integrates to RSA Archer Security Operations & Breach Management):
https://community.rsa.com/docs/DOC-76132

RSA Netwitness Integration to RSA Archer (with Unified Collector Framework UCF):
https://community.rsa.com/docs/DOC-80978
https://community.rsa.com/docs/DOC-81705
https://community.rsa.com/docs/DOC-43085
https://community.rsa.com/docs/DOC-74023

RSA Archer Use-Cases Documentations:
https://community.rsa.com/docs/DOC-40093

RSA Archer Security Operations & Breach Management Use-Case:
https://community.rsa.com/docs/DOC-32889 (english)
https://community.rsa.com/docs/DOC-54512 (german)

RSA Archer Community:
https://community.rsa.com/community/products/archer-grc

RSA Archer Documentation & Downloads:
https://community.rsa.com/community/products/archer-grc/exchange/documentation-downloads
https://community.rsa.com/community/products/archer-grc/archer-customer-partner-community/platform/6...

RSA Archer Community News Update:
https://community.rsa.com/docs/DOC-22846

0 Karma

alohsleoj
Engager

These are just random docs that really does not answer the question asked.

0 Karma

nithin_shubhana
Explorer

Now Integration between Splunk and RSA Archer is available. You can make use of the RSA Security Operations Solutions solution to integrate Splunk and RSA Archer.

Records will be created in the Security Incidents, Security alerts application in RSA Archer.

RSA Archer Security Operations Management helps you do the following:
a>Prioritize and respond faster to security incidents by leveraging business context and actionable threat intelligence.
b>Engage key business and IT stakeholders in the incident management process
c>Simplify incident investigation and breach response procedures through industry best practice methodologies and response procedures.
d>Optimize SOC investments through SOC KPI (key performance indicators)monitoring and staff time management tracking.

Also customers can make use of the Devices application present in the Enterprise management solution to add more business context for the devices, mention the criticality of the device, link the device to the Business Unit and have full fledged enterprise solution integrated with RSA SecOps solution.

More information about the integration can be found in the following link:
https://community.emc.com/docs/DOC-36270

To know more about RSA Security Operations Management solution refer to the following link:
https://community.emc.com/docs/DOC-39988

Regards,
Nithin Shubhananda

michael_daoust
New Member

I am unable to view the integration document also, I receive a restricted message. Can we get an updated location or make the document accessible?

0 Karma

danglim
New Member

https://community.emc.com/docs/DOC-36270 This link is restricted. any chance you can grant access ?

0 Karma

monteirolopes
Communicator

Did you get the document? Is it possible to share?

0 Karma

Lindaiyu
Path Finder

Hello Nithin,

Thank you for sharing the information.
However, the link is not available now.
Could you please update the link? This subject is very intresting for us as a client of Archer.
Thank you very much.

Daiyu

0 Karma

pylanch
Engager

This really becomes a programming question because both tools have a web API, so you just need to be able to interface with them. Splunk uses a REST API but has a good development kit to make things easier, and Archer uses a SOAP API.

A good place to start is the Splunk SDK:
http://dev.splunk.com/view/sdks/SP-CAAADP7

And here is the Archer documentation:
https://community.emc.com/community/connect/grc_ecosystem/rsa_archer

Adding records to Archer is slightly more complicated than pulling them out of Splunk, but essentially you just create a session token (general.CreateUserSessionFromInstance) and then add a record (record.CreateRecord) with your fields.

Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...