RSA Archer
RSA Archer is an integrated risk management (IRM) platform that centralizes governance, risk, and compliance data across your organization. You can bring application record data from RSA Archer into Brinqa to gain a unified view of your risk posture, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with RSA Archer and how to obtain that information from RSA. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select RSA Archer from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate RSA Archer with Brinqa:
-
URL: Your organization's RSA Archer server base URL. The default format is
https://<archer-server>/RSAarcher. -
Instance name: The name of your RSA Archer instance.
-
Username and Password: The username and password associated with the RSA Archer user account that has permissions to access the Archer REST API.
Create an RSA Archer API user
For the RSA Archer connector to access the Archer REST API, you must have a user account with the appropriate permissions. To create a new RSA Archer user or verify existing credentials, follow these steps:
-
Log in to your RSA Archer instance as an administrator.
-
Navigate to Administration > Access Control > Users.
-
Create a new user or select an existing user account.
-
Ensure the user has read access to the Archer applications and fields you want to synchronize with Brinqa.
-
Take note of the username, password, and instance name and provide them in the corresponding fields in the integration configuration.
If you do not have the permissions to create or manage users, contact your RSA Archer administrator. For additional information, see RSA Archer documentation.
Types of data to retrieve
The RSA Archer connector dynamically discovers Archer applications and their field definitions through the Archer Platform API. Each Archer application becomes a connector object with attributes derived from the application's field configuration.
Table 1: Data retrieved from RSA Archer
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Archer Application | No | Not mapped |
The RSA Archer connector dynamically discovers available applications from your Archer instance. The specific connector objects available depend on your Archer configuration. Each discovered application appears as a selectable connector object during integration setup.
Since Archer applications vary across deployments, there is no predefined mapping to a Brinqa data model. You must define the mappings yourself. See Data Consolidation for additional information.
For detailed steps on how to view the data retrieved from RSA Archer in the Brinqa Platform, see How to view your data.
Attribute mappings
The RSA Archer connector dynamically generates attributes based on the field definitions configured in each Archer application. The base attributes below are always present for every connector object. Additional attributes are generated from the Archer field definitions specific to each application.
Expand the section below to view the base attribute mappings.
Archer Application (base attributes)
Table 2: Archer Application base attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Connector (auto-set) | LAST_CAPTURED |
| Tracking ID Field | NAME |
| Tracking ID Field | Sys_ID |
| Tracking ID Field | UID |
In addition to the base attributes above, the connector dynamically generates attributes from the Archer field definitions for each application. The following field types are supported:
- Cross Reference
- Date
- External Links
- First Published Date
- IP Address
- Last Updated
- Numeric
- Record Status
- Subform fields (mapped as
<ParentField>__<SubField>) - Text
- Tracking ID
- Users/Groups List
- Value List
Unsupported field types (Attachment, Image, Matrix, History Log, Discussion, and others) are skipped automatically.
Operation options
The RSA Archer connector supports the following operation options. See connector operation options for information about how to apply them.
Table 3: RSA Archer connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Archer Application | override_endpoint | Any valid Archer Content API endpoint name | Overrides the default Content API endpoint name for an application. Use this when the endpoint name differs from the application name. | Key: override_endpoint Value: Applications_Assessments. This key and value combination directs the connector to use the Applications_Assessments endpoint instead of the default application endpoint. |
APIs
The RSA Archer connector uses the RSA Archer REST API. Specifically, it uses the following endpoints:
Table 4: RSA Archer API endpoints
| Connector Object | API Endpoint |
|---|---|
| Archer Application | POST /platformapi/core/security/login |
GET /platformapi/core/system/application | |
GET /platformapi/core/system/fielddefinition/application/{appId} | |
GET /contentapi/{endpoint} | |
GET /platformapi/core/content/fieldcontent | |
GET /platformapi/core/system/user | |
GET /platformapi/core/system/group | |
POST /platformapi/core/content | |
PUT /platformapi/core/content |
Changelog
The RSA Archer connector has undergone the following changes:
Table 5: RSA Archer connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.2 | Improvements - Added mandatory 'LAST_CAPTURED' timestamp to all synced records, recording the exact time each record is captured by the connector - Migrated single-valued attribute construction from 'AttributeInfoBuilder' to 'AttributeInfos.newAttribute()' for Brinqa 3.x compliance - Enabled synchronization and write-back for Users/Groups List fields (Type 8), allowing user and group assignment data to flow into Brinqa - Date, First Published Date, and Last Updated fields are now synchronized as proper 'Instant' timestamp values instead of numeric epoch values - Write-back for date fields now reads values as 'Instant' objects instead of 'Long' epoch millis, correctly matching the updated sync data type - Consolidated all hardcoded API path strings into centralized endpoint constants - Tightened visibility of internal constants and fields to 'protected' or 'private' - Replaced mutable 'RESERVED_ATTRIBUTES_NAMES' list with an immutable collection - Introduced 'UNIFIED_ATTRIBUTE_INFOS' collection to consistently add 'UID' and 'LAST_CAPTURED' to all object class schemas - Added whitespace-tolerant value list name comparison - Removed the 'Source_' prefix-stripping step during create/update. Attributes are now matched to Archer fields by their API name directly - Added structured debug logging for schema field mappings and field value resolution during sync and write-back operations Bug Fixes - Fixed an issue where the record identifier (UID) could resolve to the wrong field when multiple Tracking ID-type fields existed in an application - Fixed date field formatting so that date values are correctly interpreted as ISO-8601 timestamps instead of raw numeric values Migration Required - All Archer Application Records: The Tracking ID resolution logic has changed. Records may now use a different field as their unique identifier. Action: purge and re-sync all Archer applications to ensure consistent record mapping. - All Archer Application Records: Date and DateTime field types have changed from 'Long' to 'Instant'. Action: purge and re-sync to apply the corrected data types. | June 12th, 2026 |
| 3.0.1 | Improvements - Replaced single-application schema discovery with multi-application support. The connector now discovers all active Archer applications and registers each as a separate object class, instead of exposing only the first one found - Improved 'listValues' null-safety: returns an empty list instead of null when the map value is not a list, preventing potential NullPointerException during attribute extraction - Applied Spotless code formatter across the entire codebase for consistent code style Infrastructure - Upgraded 'http-connectors-parent' from 2.1.9 to 2.1.11 - Upgraded 'connectors-model' from 1.6.11 to 1.6.12 | May 2026 |
| 3.0.0 | Initial Integration+ release. | April 2026 |