One of my favorite things about the RSA community and the idea exchange is the ability to gather feedback and insight from the community on how RSA Archer could make great features even more useful. In this topic, I am going to cover several feature updates made in 6.5 that tied up some of the loose ends for each feature. Most of these updates are for some of the more recently introduced features. Let’s take a look.
Ability To Set Values List Field To No Selection Via DDE Action
This first update is actually not one for a new feature, but it does originate from a long standing request. In 6.5, you can use a Set Values List DDE action to set a Values List field to No Selection. This request was number one with a bullet on the RSA Idea exchange so hopefully its availability serves as an incentive to keep those votes coming. This feature adds No Selection as a possible value for a Set Values List action.
In the above example, whenever the Not Ready For Review rule is true, the Review Status is set to No Selection, effectively clearing it out. This allows administrators to easily implement a process where if one field is reset, related fields can be blanked out and the user can be forced to make another selection. Prior to this feature being added, values list fields could only be cleared with a custom object or data feed. Note that the No Selection setting is supported by all control types available for values list fields.
History Log Support For Batch Content Save
The Batch Content Save feature introduced in 6.4 was also significantly improved upon in 6.5. In 6.5, you can also optionally configure data feeds to track content changes in the history log during batch content save processing. This allows you to take advantage of the performance boost provided by batch content save when ingesting large amounts of data via a data feed, while still tracking changes made by the data feed. The history log changes can be optionally enabled via the new EnableBatchContentSaveHistoryLog token for data feeds. This boolean token must be used in conjunction with the BatchContentSave token. To track history log changes, BatchContentSave must be set and EnableBatchContentSaveHistoryLog must be set to True.
It is important to note that even with these data feed tokens enabled, the history log will not capture changes to cross-reference and related record fields made by the data feed. Fortunately enabling batch content save history log tracking should have very minimal performance impact on data feed execution.
Calculated Source Fields In Bulk Create Reference Actions
To add even more flexibility when populating fields in bulk processing actions, the ability to configure calculated source fields has been added for Bulk Create Reference actions. This feature allows you to build strings based on attributes of the group used to collect records for the bulk create reference action. These strings can be used to target text fields in the newly created record which will give better context for the intent of the grouping.
A new Calculated operator has been added to the list of Operators in the Field Value Expression for Bulk Create Reference action which previously included Static and Mapped. The Static operator is used to set a field to the same value for every record created during the bulk create process. The Mapped operator allows you to set a target field directly to an attribute of the grouping. The Calculated operator is available for text fields and allows you to concatenate field values from the attributes of a group. When you click the pencil icon in the Value field associated with a Calculated operator, the user is presented a Calculation editor to create the formula to build a source string for the target field. The fields available are based on the fields used in the Group By configuration.
For example, let’s assume you want to create a daily schedule that will group new Vulnerability Scan Results by the Asset Group defined in the scan result and the Application supported by the Device associated with the scan result and assign each grouping to a single Vulnerability Ticket. To achieve this you create a schedule against the Vulnerability Scan Result application which collects new scan results. Then you create a Bulk Create Reference action which targets the Vulnerability Ticket cross-reference in Vulnerability Scan Results. For the Group By you would select the Asset Group field from VSR’s and the Application cross-reference in the associated Devices application.
Because the Bulk Create Reference action is targeting a cross-reference field pointing to Vulnerability Tickets. The Target fields in the Field Value Expression will be fields in the Vulnerability Tickets. Assume that you want set four fields Ticket Owner (mapped from the Application Owner), Ticket Due Date (set to 7 days from current date), Ticket Name, and Ticket Description. You would like the Ticket Name and Ticket Description to provide context of the group used to collect the VSR’s into a Ticket. Consequently you use the Calculated operator to build a string. Clicking the pencil icon presents the Calculation Editor
Similar to the Calculation Editor for fields, the left pane presents an Available tree showing all fields that can be used to build a string. The available fields are based on the fields used in the Group By configuration. Any non-reference fields of supported field types used in the group by will be available. If you of group by a reference field all fields of supported types in that associated application are available. The supported field types are Text, Numeric, and Values List. The syntax is validated when you click the OK button of the Calculation Editor.
Clicking any field in the Available pane pastes it with the proper syntax at the current cursor position in the Configuration area. The syntax includes the full path to the selected field so that the value for the group can be resolved at execution time. The only operator that can be used is the concatenation operator (&). The above example is the formula for Ticket Name field. The formula will set the name for each ticket to the Asset Group and Application Name for each grouping or bucket of VSR’s. Those fields are separated by the static text “-“ . Any static text used to build the string must be enclosed by double quotes. Similarly the formula for the Ticket Description field could be “This ticket was created for new scans with the asset group “&{[Vulnerability Scan Results],[Asset Group]}&” which affect devices supporting the “&{[Vulnerability Scan Results].[Devices].[Applications],[Application Name]}&” application.” As Vulnerability Tickets are created, the asset group and application name will be substituted in this string to set the description.
Inline Edit For Calculated Cross Reference and Related Record Fields
This final feature did not actually make it in the initial 6.5 release due to some technical considerations, but it will be available in first 6.5 CPR (6.5.0.1) scheduled to be available on 12/19/2018. This feature simply allows you to select the Enable Editable Grid Display option along with the Calculated Field option.
This allows for the best of both worlds.
1) Ability to automatically link content in an automated fashion based on comparing attributes between content
2) Ability to edit fields in related content directly in the reference grid.
For example, assume you link Assessments to Controls directly. You also want visibility to these assessments in the Business Processes which own these controls. Consequently, you create a calculated cross-reference in Business Process to automatically link the appropriate Assessments. With the ability to inline edit, the control owners can now attest to the controls directly from one cross-reference showing all the control assessments they need to complete for the Business Process.
Please join me for this week’s Free Friday Tech Huddle to see these feature and others detailed in blogs to follow!!