RSA Archer : Status Update by Mail

Ever wondered whether the RSA Archer platform supports Approve/Reject by mail for forms? It has been very inconvenient for management to open Archer through links and then update the status of the record to Approve/Reject. Because of the flexibility that the Archer platform offers, I was able to do this using the REST API, but the API-based solution was unstable and caused issues. In time I put some thought into mailto links and the mail monitoring feed in Archer. The diagram below shows how both of these could be tweaked to enable mail Approval/Reject in the platform.

Let’s look at how we could do this. It’s a bit of a roundabout solution, as the Archer platform doesn’t have an out-of-the-box solution to offer yet.

Prerequisites:

  • A new dedicated Mail Box for Archer.
  • New Archer ODA

Implementation

Step 1: Create two calculated fields in the target application. The target application is the one the mail comes from and in which the status is to be updated. Each calculated field should be a mailto link with the subject set to “ApplicationName_RecordID” and the To address set to the new mailbox address.

E.g.: An action taken for an incident is sent by mail to the corresponding person for review and response. Approve is given as a mailto link in one calculated field and Reject in the other.

(Note: If you are unfamiliar with mailto, check out: https://www.lifewire.com/how-to-create-a-mailto-link-3466469 ). This step could also be done by editing the HTML of the notification email directly, which lets you skip step 2. But I suggest using the calculated fields, as this is more stable than editing the HTML in the notification directly.

Step 2: Concatenate both the Approve and Reject fields in the notification being sent.

E.g.: “Dear Sir/Madam, Kindly Approve/Reject the action taken for the incident [Field: Name]

Click [Field: Approve] to Approve

Click [Field: Reject] to Reject”

Step 3: When a mailto link is clicked, the response is sent as a reply to the mailbox we created.

Step 4: Create an ODA with the fields mentioned below:

  • Name_ID
  • Application Name (Calculated)
  • Record ID (Calculated)
  • Body
  • From

Step 5: Point a mail monitoring data feed at the new Archer mailbox. Set the schedule to run every minute, and don’t forget to tick the option to delete emails after the feed is run. In the feed's data map, map the following to the target ODA we created in step 4:

Name_ID  ->  Subject

Body  ->  Body

From  ->  From

Note: Make sure to schedule the feed to run every minute.

Step 6: In the ODA we can now see the fields populated. The calculated fields Application Name and Record ID are calculated by a formula constructed using “Len”, “Right” and “Left” that splits the subject at the symbol “_” to separate the application name from the record ID.

Step 7: Now we have an ODA which holds all the mail approvals, defining who sent the approval, what status is to be updated (Body), what the application name is, and which record in that application is concerned (Record ID).

Step 8: What remains is to create a cross-reference to this ODA in the target application. A simple comparison of the application name, the record ID and the status field (i.e. the body) is required, and we have the mail status update ready.

Note: The body of the mail would be text such as “Approve”, and this is compared with the status field value to determine the status update.
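
The round trip in steps 1 to 8 can be modelled outside Archer as follows. This is an added Python example, not Archer configuration and not code from the original post: the mailbox address, the function names and the sample messages are constructed, the record ID is assumed to be numeric, and the comparison of From against an expected reviewer is an assumption added to the comparison in step 8, because the From value of an inbound mail is whatever the sender typed.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import quote

MAILBOX = "archer-approvals@example.com"  # constructed: the dedicated Archer mailbox

def mailto_link(app_name, record_id, decision):
    """Step 1: link whose subject is ApplicationName_RecordID and whose body is the decision."""
    subject = quote(f"{app_name}_{record_id}")
    return f"mailto:{MAILBOX}?subject={subject}&body={quote(decision)}"

def parse_reply(raw_email, expected_reviewer):
    """Steps 5-8: read Subject/Body/From and return the status update, or None to ignore."""
    msg = message_from_string(raw_email, policy=policy.default)
    # Split on the LAST underscore so application names that contain "_" stay intact.
    app_name, sep, record_id = str(msg["Subject"] or "").strip().rpartition("_")
    if not sep or not app_name or not record_id.isdecimal():
        return None
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    # Only the first non-empty line counts, so a mail signature does not break the match.
    first = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if first.lower() not in ("approve", "reject"):
        return None
    # Assumption (not in the original steps): only the expected reviewer may decide.
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    if sender != expected_reviewer.lower():
        return None
    return {"application": app_name, "record_id": int(record_id),
            "status": first.capitalize(), "from": sender}

# Constructed sample messages, as the mail monitoring feed would see them.
GOOD = ("From: Reviewer <reviewer@example.com>\n"
        "Subject: Incident_Actions_1042\n\nApprove\n\n-- \nSent from my phone\n")
OTHER_SENDER = GOOD.replace("reviewer@example.com", "someone.else@example.com")
UNCLEAR = GOOD.replace("\n\nApprove\n", "\n\nLooks fine to me\n")

if __name__ == "__main__":
    print(mailto_link("Incident_Actions", 1042, "Approve"))
    for raw in (GOOD, OTHER_SENDER, UNCLEAR):
        print(parse_reply(raw, "reviewer@example.com"))
```

Splitting at the last underscore matters when the application name itself contains “_”; a Left/Right formula that looks for the first underscore would cut such a name short.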

The solution may appear confusing at first, but it has been quite successful. I can’t promise stability, though, as this is not a documented solution that RSA provides but one that has been custom developed by me.

Hope this could prove useful in some way or the other 😊

GRC Admin, GRC Consultant, RSA Archer Certified Associate, RSA Archer Script Writer, ISMS and NESA Consultant, ISO-20000, ISO-27001, ISO-22301 Lead Auditor, Ex-Entrepreneur, Ex- Microsoft Student Partner, Web Developer, Android and Universal Windows Platform Developer, Know More about Me @ www.saneen.in/about
