I am looking so send events from SPLUNK to be sent to RSA archer. does anyone have an idea what the best way to do it would be?
Administrators can integrate RSA NetWitness Suite with RSA NetWitness Security Operations (SecOps) Manager to send alerts and incidents from NetWitness Suite to Archer for incident management and remediation. This guide provides a high-level workflow for configuring this integration.
System integration brings different programs together to work smoothly without interfering with each other or demanding duplicate actions from the users so that data can flow seamlessly and uninterruptedly. For more information about Integration with RSA Archer.
Click here: RSA Archer Training
I hope it solves your issue.
Here are some updated links:
Splunk Technology Integration to RSA Netwitness (Security Analytics) (Event Source Configuration) (which then integrates to RSA Archer Security Operations & Breach Management):
RSA Netwitness Integration to RSA Archer (with Unified Collector Framework UCF):
RSA Archer Use-Cases Documentations:
RSA Archer Security Operations & Breach Management Use-Case:
RSA Archer Community:
RSA Archer Documentation & Downloads:
RSA Archer Community News Update:
These are just random docs that really does not answer the question asked.
Now Integration between Splunk and RSA Archer is available. You can make use of the RSA Security Operations Solutions solution to integrate Splunk and RSA Archer.
Records will be created in the Security Incidents, Security alerts application in RSA Archer.
RSA Archer Security Operations Management helps you do the following:
a>Prioritize and respond faster to security incidents by leveraging business context and actionable threat intelligence.
b>Engage key business and IT stakeholders in the incident management process
c>Simplify incident investigation and breach response procedures through industry best practice methodologies and response procedures.
d>Optimize SOC investments through SOC KPI (key performance indicators)monitoring and staff time management tracking.
Also customers can make use of the Devices application present in the Enterprise management solution to add more business context for the devices, mention the criticality of the device, link the device to the Business Unit and have full fledged enterprise solution integrated with RSA SecOps solution.
More information about the integration can be found in the following link:
To know more about RSA Security Operations Management solution refer to the following link:
I am unable to view the integration document also, I receive a restricted message. Can we get an updated location or make the document accessible?
Did you get the document? Is it possible to share?
Thank you for sharing the information.
However, the link is not available now.
Could you please update the link? This subject is very intresting for us as a client of Archer.
Thank you very much.
This really becomes a programming question because both tools have a web API, so you just need to be able to interface with them. Splunk uses a REST API but has a good development kit to make things easier, and Archer uses a SOAP API.
A good place to start is the Splunk SDK:
And here is the Archer documentation:
Adding records to Archer is slightly more complicated than pulling them out of Splunk, but essentially you just create a session token (general.CreateUserSessionFromInstance) and then add a record (record.CreateRecord) with your fields.