ArcherIRM

the archerirm connector facilitates the integration of swimlane turbine with rsa archer's risk management capabilities, enabling automated data retrieval and record management archerirm, an rsa solution, is a comprehensive governance, risk, and compliance (grc) platform that enables organizations to manage corporate risk and compliance with regulatory requirements this connector allows swimlane turbine users to automate grc related tasks by integrating with archerirm's applications, streamlining record creation, modification, and retrieval, as well as managing users and groups within the platform the integration empowers security teams to efficiently handle grc processes, ensuring timely risk assessment and compliance management directly from the swimlane turbine environment the archerirm connector integrates with swimlane turbine to create, get, update, and delete records prerequisites to utilize the archerirm connector within swimlane turbine, ensure you have the following prerequisites rsa archer authentication with the following parameters url the endpoint url for the archerirm instance instance name the specific name of the archerirm instance to connect to username the user account with permissions to access the archerirm instance password the corresponding password for the provided username turn on api read permissions the set of credentials for this plugin require read permissions for the api to turn on api read permissions navigate to the login page and login from the administration pull down menu, select access roles on manage access role api access, select the rights tab and then select read permissions for manage security parameters ensure manage security parameters read permissions is selected capabilities this connector provides the following capabilities create record delete record get all applications get all groups get all users get field definition by application id get group by id get record get user by id update record search records by report id or guid notes https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/authentication htm https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/content htm?highlight=core%2fcontent%2fattachment#postcontent https //xsoar pan dev/docs/reference/integrations/rsa archer v2#archer delete record https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/metadata application htm?highlight=core%2fsystem%2fapplication#getallapplications https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/metadata group htm?highlight=core%2fsystem%2fgroup%2f#getallgroups https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/metadata user htm?highlight=core%2fsystem%2fuser#getallusers https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/metadata field htm?highlight=core%2fsystem%2ffielddefinition#getfielddefinitionbyapplicationid https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/metadata group htm?highlight=core%2fsystem%2fgroup%2f#getgroupbyid https //xsoar pan dev/docs/reference/integrations/rsa archer v2#archer get record https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/metadata user htm?highlight=core%2fsystem%2fuser%2f#getuserbyid https //help archerirm cloud/platform 611/en us/content/api/restapi/segmentsresources/content htm?highlight=core%2fcontent%2fattachment#putcontent https //help archerirm cloud/platform 611/en us/content/api/webapi/searchrecordsbyreport htm configurations rsa archer authentication rsa archer authentication configuration parameters parameter description type required url the scheme, url, and optional port and root path pointing to archer string required instancename target archer instance name string required userdomain optional user domain for provided user string optional username username of the archer api user string required password password of the archer api user string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions create record initiates a new record creation in an rsa archer application using the provided content data endpoint url /core/content method post input argument name type required description content object optional response content content levelid number required unique identifier content fieldcontents object required response content content fieldcontents 13867 object optional response content content fieldcontents 13867 type number optional type of the resource content fieldcontents 13867 tag string optional response content content fieldcontents 13867 value string optional value for the parameter content fieldcontents 13867 fieldid number optional unique identifier content fieldcontents 13868 object optional response content content fieldcontents 13868 type number optional type of the resource content fieldcontents 13868 tag string optional response content content fieldcontents 13868 value string optional value for the parameter content fieldcontents 13868 fieldid number optional unique identifier content fieldcontents 13870 object optional response content content fieldcontents 13870 type number optional type of the resource content fieldcontents 13870 tag string optional response content content fieldcontents 13870 value object optional value for the parameter content fieldcontents 13870 value valueslistids array optional unique identifier content fieldcontents 13870 value othertext string optional value for the parameter content fieldcontents 13870 fieldid number optional unique identifier content fieldcontents 13872 object optional response content content fieldcontents 13872 type number optional type of the resource content fieldcontents 13872 tag string optional response content content fieldcontents 13872 value array optional value for the parameter content fieldcontents 13872 fieldid number optional unique identifier input example {"json body" {"content" {"levelid" 9,"fieldcontents" {"13867" {"type" 1,"tag" "name (text)","value" "record created via rest api","fieldid" 13867},"13868" {"type" 1,"tag" "description (text)","value" "\<p>this is a text area field containing html content with different \<strong>\<span style=\\"color #ff0000;\\">colors\</span> \</strong> and \<span style=\\"font family comic sans ms,sans serif;\\">\<em>\<span style=\\"font size 14pt;\\">font \</span>\</em>\</span>\<span style=\\"font size 18pt;\\">sizes\</span> \<span style=\\"background color #ffff00;\\">this is highlighted yellow \</span>\</p>\r\n\<p>my bullet points\</p>\r\n\<ul>\r\n\<li>point 1\</li>\r\n\<li>point 2\</li>\r\n\</ul>\r\n\<p>image via link\</p>\<img src=\\"https //community rsa com/resources/images/palette 1013/rsa logo 55px png\\" />","fieldid" 13868},"13870" {"type" 4,"tag" "severity (values list)","value" {"valueslistids" \[63738,63821],"othertext" "whatever"},"fieldid" 13870},"13872" {"type" 12,"tag" "screenshot (image)","value" \[2069],"fieldid" 13872},"13877" {"type" 8,"tag" "my manager (record permissions)","value" {"userlist" \[{"id" 190},{"id" 2}],"grouplist" \[{"id" 19}]},"fieldid" 13877},"13881" {"type" 11,"tag" "attachments (attachment)","value" \[2068],"fieldid" 13881},"13886" {"type" 24,"tag" "my sub forms (sub form)","value" \[339019],"fieldid" 13886},"13888" {"type" 3,"tag" "my date (date)","value" "2016 12 14","fieldid" 13888},"13890" {"type" 2,"tag" "my number (numeric)","value" 123 456,"fieldid" 13890},"13907" {"type" 9,"tag" "my contacts (cross reference to contacts)","value" \[{"contentid" 205522},{"contentid" 318794},{"contentid" 325672}],"fieldid" 13907},"13999" {"type" 3,"tag" "my date time (date)","value" "2014 03 06t21 30 00","fieldid" 13999},"14009" {"type" 7,"tag" "my urls (external links)","value" \[{"name" "rsa","url" "https //www rsa com"},{"name" "archer community","url" "https //community rsa com/community/products/archer grc"},{"name" "search archer kbs","url" "https //community rsa com/community/products/archer grc/knowledge base"},{"name" "archer community discussion about powershell and api","url" "https //community rsa com/message/866965"},{"name" "kb 32481 how to use the rsa archer rest api with windows powershell","url" "https //community rsa com/docs/doc 45643"}],"fieldid" 14009},"14088" {"type" 16,"tag" "my matrix (matrix)","value" \[{"rowid" 63880,"columnid" 63879}],"fieldid" 14088},"14410" {"type" 19,"ipaddressbytes" "127 0 0 1","fieldid" 14410},"14538" {"type" 8,"tag" "my users and groups list (user/groups list) and max=1 and select from a limited list","value" {"userlist"\ null,"grouplist" \[{"id" 44}]},"fieldid" 14538},"14573" {"type" 23,"tag" "test (related records to app)","value" \[339014,338736],"fieldid" 14573}}},"subformfieldid" 123}} output parameter type description status code number http status code of the response reason string response reason phrase links array output field links links file name string name of the resource links file string output field links file requestedobject object output field requestedobject requestedobject id number unique identifier issuccessful boolean whether the operation was successful validationmessages array unique identifier output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"links" \[],"requestedobject" {"id" 123454},"issuccessful"\ true,"validationmessages" \["correct"]}} delete record removes a specified content record from an application within archerirm using the provided contentid endpoint url /core/content/{{contentid}} method delete input argument name type required description path parameters contentid number required the id of the content record to delete input example {"path parameters" {"contentid" 253379}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {}} get all applications retrieves metadata for all applications within archerirm, including authentication headers endpoint url /core/system/application method post input argument name type required description headers object required http headers for the request headers x http method override string required post is valid only if you include the x http method override \ get statement in the request header input example {"headers" {"x http method override" "get"}} output parameter type description status code number http status code of the response reason string response reason phrase archer object output field archer archer application object output field archer application archer application guid string unique identifier archer application id number unique identifier archer application languageid number unique identifier archer application name string name of the resource archer application status number status value archer application type number type of the resource output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"archer" {"application" {}}}} get all groups retrieves all user groups from archerirm, with necessary headers for authentication and authorization endpoint url /core/system/group method post input argument name type required description headers object required http headers for the request headers x http method override string required post is valid only if you include the x http method override \ get statement in the request header input example {"headers" {"x http method override" "get"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" \[{"links" \[],"requestedobject" {},"issuccessful"\ true,"validationmessages" \[]}]} get all users retrieves all users from the current archerirm instance, requiring specific headers for authentication endpoint url /core/system/user method post input argument name type required description headers object required http headers for the request headers x http method override string required post is valid only if you include the x http method override \ get statement in the request header input example {"headers" {"x http method override" "get"}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" \[{"links" \[],"requestedobject" {},"issuccessful"\ true,"validationmessages" \[]}]} get field definition by application id retrieve field definitions for a given application id in the current archerirm instance, using the 'applicationid' path parameter endpoint url /core/system/fielddefinition/application/{{applicationid}} method get input argument name type required description path parameters applicationid string required the application id to get the application fields input example {"path parameters" {"applicationid" "75"}} output parameter type description status code number http status code of the response reason string response reason phrase archer object output field archer archer applicationfield array output field archer applicationfield archer applicationfield fieldid number unique identifier archer applicationfield fieldname string name of the resource archer applicationfield fieldtype string type of the resource archer applicationfield levelid number unique identifier output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"archer" {"applicationfield" \[]}}} get group by id retrieves a specific group from archerirm using the provided group id endpoint url /core/system/group/{{groupid}} method get input argument name type required description path parameters groupid number required id of group content to be retrieved input example {"path parameters" {"groupid" 208}} output parameter type description status code number http status code of the response reason string response reason phrase links array output field links links file name string name of the resource links file string output field links file requestedobject object output field requestedobject requestedobject id number unique identifier requestedobject name string name of the resource requestedobject displayname string name of the resource requestedobject description string output field requestedobject description requestedobject everyoneflag boolean output field requestedobject everyoneflag requestedobject guid string unique identifier requestedobject systemflag boolean output field requestedobject systemflag requestedobject ldapflag boolean output field requestedobject ldapflag requestedobject domainid object unique identifier requestedobject distinguishedname object name of the resource requestedobject defaulthomedashboardid object unique identifier requestedobject defaulthomeworkspaceid object unique identifier requestedobject updateinformation object output field requestedobject updateinformation requestedobject updateinformation createdate string date value requestedobject updateinformation updatedate string date value requestedobject updateinformation createlogin number output field requestedobject updateinformation createlogin requestedobject updateinformation updatelogin number output field requestedobject updateinformation updatelogin issuccessful boolean whether the operation was successful validationmessages array unique identifier output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"links" \[],"requestedobject" {"id" 208,"name" "updated group name","displayname" "updated group name","description" "\<html>\<head>\</head>\<p style=\\"margin 0px\\">was new group description\</p>\</html>","everyoneflag"\ false,"guid" "4eec52f1 bc2f 4460 ac2b e6e179b5744d","systemflag"\ false,"ldapflag"\ false,"domainid"\ null,"distinguishedname get record retrieves detailed information about a specific content record in an archerirm application using the provided contentid endpoint url /core/content/{{contentid}} method get input argument name type required description path parameters contentid number required the content record id input example {"path parameters" {"contentid" 253379}} output parameter type description status code number http status code of the response reason string response reason phrase archer object output field archer archer record object output field archer record archer record current status object status value archer record current status othertext object status value archer record current status valueslistids array unique identifier archer record date/time occurred string output field archer record date/time occurred archer record date/time reported string output field archer record date/time reported archer record days open number output field archer record days open archer record default record permissions object output field archer record default record permissions archer record default record permissions grouplist array output field archer record default record permissions grouplist archer record default record permissions grouplist hasdelete boolean output field archer record default record permissions grouplist hasdelete archer record default record permissions grouplist hasread boolean output field archer record default record permissions grouplist hasread archer record default record permissions grouplist hasupdate boolean date value archer record default record permissions grouplist id number unique identifier archer record default record permissions userlist array output field archer record default record permissions userlist archer record default record permissions userlist file name string name of the resource archer record default record permissions userlist file string output field archer record default record permissions userlist file archer record google map string output field archer record google map archer record id number unique identifier archer record incident details string unique identifier archer record incident result object unique identifier archer record incident result othertext object unique identifier archer record incident result valueslistids array unique identifier output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"archer" {"record" {}}}} get user by id retrieves a user's details from archerirm by the specified user id, requiring path parameters and headers endpoint url /core/system/user/{{userid}} method post input argument name type required description path parameters userid number required id of user content to be retrieved headers object required http headers for the request headers x http method override string required post is valid only if you include the x http method override \ get statement in the request header input example {"path parameters" {"userid" 1470},"headers" {"x http method override" "get"}} output parameter type description status code number http status code of the response reason string response reason phrase links array output field links links file name string name of the resource links file string output field links file requestedobject object output field requestedobject requestedobject id number unique identifier requestedobject displayname string name of the resource requestedobject firstname string name of the resource requestedobject middlename object unique identifier requestedobject lastname string name of the resource requestedobject lastlogindate string date value requestedobject username string name of the resource requestedobject accountstatus number status value requestedobject domainid object unique identifier requestedobject securityid number unique identifier requestedobject locale object output field requestedobject locale requestedobject timezoneid string unique identifier requestedobject address object output field requestedobject address requestedobject company object output field requestedobject company requestedobject title object output field requestedobject title requestedobject additionalnote object output field requestedobject additionalnote requestedobject businessunit object output field requestedobject businessunit requestedobject department object output field requestedobject department requestedobject forcepasswordchange boolean output field requestedobject forcepasswordchange output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"links" \[],"requestedobject" {"id" 1470,"displayname" "doe, john","firstname" "john","middlename"\ null,"lastname" "doe","lastlogindate" "2016 09 13t15 16 18 35","username" "doej","accountstatus" 1,"domainid"\ null,"securityid" 1,"locale"\ null,"timezoneid" "eastern standard time","address"\ null,"company"\ null,"title"\ null},"issuccessful" search records by report id or guid executes a search for records in archerirm using a specific report id or guid, with pagination support endpoint method get input argument name type required description reportidorguid string required internal id or guid of the report whose records you want to query pagenumber number required integer of the page (1,2,3,…,n) of search results to return input example {"reportidorguid" "1580","pagenumber" 10} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {"content type" "text/html; charset=utf 8","x hsci cache time" "2024 10 21t12 01 22 328z","content encoding" "gzip","expires" "mon, 21 oct 2024 12 08 57 gmt","cache control" "max age=0, no cache, no store","pragma" "no cache","date" "mon, 21 oct 2024 12 08 57 gmt"},"reason" "ok","json body" {}} update record updates an existing content record in archerirm with specified 'content' details provided in the json body endpoint url /core/content method put input argument name type required description content object optional response content content id number required unique identifier content levelid number required unique identifier content fieldcontents object required response content content fieldcontents 3202 object optional response content content fieldcontents 3202 type number optional type of the resource content fieldcontents 3202 value object optional value for the parameter content fieldcontents 3202 value valueslistids array optional unique identifier content fieldcontents 3202 value othertext object optional value for the parameter content fieldcontents 3202 fieldid number optional unique identifier content fieldcontents 3204 object optional response content content fieldcontents 3204 type number optional type of the resource content fieldcontents 3204 value number optional value for the parameter content fieldcontents 3204 fieldid number optional unique identifier content fieldcontents 10066 object optional response content content fieldcontents 10066 type number optional type of the resource content fieldcontents 10066 value array optional value for the parameter content fieldcontents 10066 fieldid number optional unique identifier content version string optional response content subformfieldid number optional subform field id that must be passed when subform content is being saved otherwise, this parameter can be omitted input example {"json body" {"content" {"id" 123,"levelid" 9,"fieldcontents" {"3202" {"type" 4,"value" {"valueslistids" \[2405],"othertext"\ null},"fieldid" 3202},"3204" {"type" 2,"value" 0,"fieldid" 3204},"10066" {"type" 23,"value" \[150622],"fieldid" 10066}},"version" "44"},"subformfieldid" 123}} output parameter type description status code number http status code of the response reason string response reason phrase links array output field links links file name string name of the resource links file string output field links file requestedobject object output field requestedobject requestedobject id number unique identifier issuccessful boolean whether the operation was successful validationmessages array unique identifier output example {"status code" 200,"response headers" {"content length" "140","content type" "application/json","date" "tue, 19 dec 2023 20 37 23 gmt"},"reason" "ok","json body" {"links" \[],"requestedobject" {"id" 123454},"issuccessful"\ true,"validationmessages" \["correct"]}} response headers header description example cache control directives for caching mechanisms max age=0, no cache, no store content encoding http response header content encoding gzip content length the length of the response body in bytes 140 content type the media type of the resource application/json date the date and time at which the message was originated tue, 19 dec 2023 20 37 23 gmt expires the date/time after which the response is considered stale mon, 21 oct 2024 12 08 57 gmt pragma http response header pragma no cache x hsci cache time http response header x hsci cache time 2024 10 21t12 01 22 328z