SOFTwarfare KillerAppz™ v1.0
Archer integration with SOFTwarfare KillerAppz enables better coordination and faster response to security incidents using KillerAppz orchestration playbooks. The integration provides analysts with all the key information and prescriptive instructions they need to resolve incidents, and can be used to maintain and close Archer incidents as part of the resolution process.
Release history
Last updated: October 2018
Solution summary
Partner Integration Overview | |
---|---|
Archer Solution | IT & Security Risk Management |
Archer Use Case | Security Vulnerability Management, Security Threat Management |
Archer Applications | IT Security Vulnerabilities Program, IT Risk Management |
Uses Custom Application | No |
Requires On-Demand License | No |
Solution overview
Benefits
Integrating SOFTwarfare KillerAppz with Archer provides the following benefits:
- Out-of-the-box integration and sample playbooks to integrate with Archer for vulnerability management.
- Create, modify or close Archer vulnerability tickets and response playbooks through KillerAppz incident investigations.
Note: the use cases outlined here are provided as examples of potential integration points between SOFTwarfare KillerAppz and Archer. Because of the flexibility of this solution, they can be implemented as-is or customized to suit your needs. For more information on customizing and implementing specific use cases, please contact SOFTwarfare at support@softwarfare.com.
Example Use Case – Vulnerability data
Users can leverage Rapid7 Nexpose or equivalent software to scan for vulnerabilities on their devices. Using the KillerAppz-Nexpose connector, the vulnerability data is retrieved and stored within the KillerAppz platform, and is then pushed into Archer using the KillerAppz-Archer connector. For the purpose of this document, we use Archer IT & Security Risk Management, concentrating on the Archer IT Security Vulnerabilities Program. Using the Security Vulnerabilities program, clients can document all the vulnerabilities and remediate them. Once a vulnerability is remediated, KillerAppz can trigger Nexpose to re-scan the device to retrieve the latest vulnerabilities.
Authorization
Create vulnerability
Retrieve vulnerability details
- Updates a Vulnerability with the required information back from an Investigation.
- Retrieves remediation information once a remediation is added to the vulnerability.
KillerAppz comes preinstalled with the Archer integration which uses Archer’s REST APIs to implement the above actions. Customers can connect to the Archer application and create, update and manage vulnerabilities using the integration.
KillerAppz polls a vulnerability scanner (for example, Nexpose, Rapid7) to retrieve vulnerability data, which is then structured in the Archer native format to automatically create the vulnerability ticket.
Example Use Case – Threat intelligence
For this use case, users use Cylance or equivalent software to scan enterprise devices for quarantines and threats, and this information is pushed to the KillerAppz platform using the Cylance connector. Having retrieved this data, the KillerAppz platform structures it as required by the Archer Incident Management module and creates an Incident under the Archer Security Incidents application. The Incident is created in Archer using the KillerAppz-Archer connector.
Create threat using API
Threat details
Example Use Case - Cyber incident & breach response
KillerAppz connectors can be extended to address other vital business use cases, such as compliance. For example, cyber incidents that occur during day-to-day operations are documented in multiple different systems, but they could all be pushed automatically using the KillerAppz + Archer connectors to centrally house this information under the Archer Cyber Incident & Breach Response module. This way the security and regulatory teams have one source of truth to follow, which will ease the audit process and make the auditors happy.
Example Use Case – PCI management
Qualified security assessors can document their findings and evaluation questions in ticketing or other security systems. This information pertaining to the PCI evaluation and audit could be funneled via the KillerAppz + Archer connector to be housed centrally under the Archer PCI Management module, to serve as the source of truth and act either as evidence or as additional information alongside other findings housed under the Vulnerability and Incident management modules. The auditor could sign off on the PCI assessment or perform a gap analysis based on the data that is provided under PCI Management.
Partner product configuration
Before you begin
This section provides instructions for configuring SOFTwarfare KillerAppz with Archer. This document is not intended to suggest optimum installations or configurations.
It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.
All SOFTwarfare components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.
Important: The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes. It may or may not meet the needs and use cases for your organization. If additional customizations or enhancements are needed, it is recommended that customers contact Archer Help for assistance.
To configure KillerAppz to integrate with Archer, perform the following steps:
- Deploy KillerAppz version 1.x or above.
- Go to Connections > Add New Connection.
- Locate the Archer logo.
- Click the Archer button to Add instance and create and configure a new integration. Configure the following settings:

  Setting | Description |
  ---|---|
  Server URL | The server where the integration resides. |
  Username/Password | Credentials for the Archer instance. |
  Refresh Rate | The interval at which KillerAppz must sync with Archer. The refresh rate can be set to 30 sec, 1 min, 10 minutes, 30 minutes or 60 minutes. |

- Press the Submit button to establish the connection.
- If you are experiencing issues with the service configuration, please contact SOFTwarfare support at support@softwarfare.com.
Certification environment
Date tested: September 2018
Product Name | Version Information | Operating System |
---|---|---|
Archer | 6.4 SP1 | Virtual Appliance |
SOFTwarfare KillerAppz | RSA Archer Connector 1.0 | |