Skip to content
  • There are no suggestions because the search field is empty.

Troubleshoot RSA Archer Integration

Troubleshoot Archer Integration

This section provides resolutions to common problems that you may encounter while configuring Archer

Cyber Incident & Breach Response 1.3.1.2 with NetWitness Respond. 

  • Column 1: Problem
  • Column 2: After adding the endpoint for IM: NetWitness Respond the Certificate Authority truststore fails to set.

  • Column 1: Solution
  • Column 2:
    1. Make sure that the SSH credentials for the  host are valid.
    2. If the credentials are correct, but the error still occurs, manually copy certificates.

  • Column 1:

    Problem

  • Column 2: Remediation Tasks being pushed to the operations queue through the UCF are not appearing in Archer Cyber Incident & Breach Response as Findings.

  • Column 1: Solution
  • Column 2:
    1. Open the Connection Manager using the command prompt:
      • Change directories to \SA IM integration service\data-collector.
      • Type: runConnectionManager.bat
    1. Enter 2 to edit endpoint.
    2. Enter 3 to Respond.
    3. Make sure the Target Queue is set to All or Operations.

  • Column 1:

    Problem

  • Column 2: In the <install_dir>\SA IM integration service\logs\collector.log, there are SSL errors between and RSA Unified Collector Framework.

  • Column 1: Solution
  • Column 2:
    • Verify that the SSL certificates are valid.

    certificates are valid for two years. 

    • If your certificates are expired, regenerate and copy the expired certificates.

    To regenerate and copy the certificates:

    1. In the Command Prompt, go to <install_dir>\SA IM integration service\data-collector.
    2. Enter runConnectionManager.bat

    3. Enter the number for Regenerate Integration Service Certificate.

    4. In the  Respond endpoint, in Connection Manager, enter the number for Edit Endpoint.
    5. Enter Yes to copy the certificates automatically to the trust store.

    If certificates fail to copy, manually copy the certificates.


  • Column 1: Problem
  • Column 2: unable to forward incidents to UCF.

  • Column 1: Solution
  • Column 2:
    1. In the collector config (C:\PROGRAM FILES\RSA\SA IM INTEGRATION SERVICE\CONFIG\collector-config), change the following:
      im.virtualhost=/rsa/im/integration
      to
      im.virtualhost=/rsa/system
    2. Restart UCF. For more information on restarting UCF, see Start the Unified Collector Framework.
    3. In the data collector (C:\PROGRAM FILES\RSA\SA IM INTEGRATION SERVICE\data-collector), double click on the following file to run it.
      runConnectionmanager.bat