Axonius Documentation
  1. Connecting Adapters
  2. Adapters 1-A

Archer IRM

Archer IRM delivers innovative solutions that help businesses protect their assets, meet compliance requirements, and proactively manage risks.

Asset Types Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • Applications
  • Application Settings

Before You Begin

Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:

  • Port 443

APIs

Axonius uses the Archer REST API with the following endpoints:

  • POST platformapi/core/security/login - Session authentication
  • GET platformapi/core/system/user - Retrieve users
  • GET contentapi/{devices_endpoint} - Retrieve devices (endpoint name configurable)
  • GET contentapi/Applications - Retrieve applications (if enabled)
  • GET platformapi/core/system/securityparameter - Retrieve security parameters

Required Permissions

The value supplied in User Name must be assigned to an Access Role with the following permissions:

Read Permissions Required

  • Read permissions for User Management APIs
  • Read permissions for Content APIs (to access devices, applications, and other content records)
  • Read permissions for Security Parameters APIs

Application-Level Access

The user's Access Role must grant Read access to:

  • Applications containing device and user data (specifically the configured devices endpoint)
  • All levels/applications that contain assets to be fetched

Note: The API returns only the data that the user account can view in the Archer User Interface. Ensure the user has appropriate Read permissions for all applications and levels containing asset data.

Recommended Access Role

For optimal data collection, assign the user to an Access Role that includes:

  • Read privileges on all target applications
  • Access to system-level user management resources
  • No Create, Update, or Delete permissions are required

Important: Archer API privileges and Archer platform privileges are shared. If a user has Read privileges to an application in Archer, they can use API calls that require Read permissions for that application.

Connecting the Adapter in Axonius

To connect the adapter in Axonius, provide the following parameters:

Required Parameters

  1. Host Name or IP Address - The hostname or IP address of the Archer server that Axonius can communicate with via the Required Ports.

  2. User Name and Password - The credentials for a user account that has the Required Permissions to fetch assets.

  3. Instance Name - The Archer instance name.

RSA_Archer_6-4-22

Optional Parameters

  1. User Domain - The domain of the user.

  2. API Prefix - Specify the directory path used to access the API. Unless otherwise specified, the API prefix defaults to: /Archer

  3. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  4. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.

  5. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  6. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

📘

Note

Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. URL endpoint for devices (required, default: Devices) - Enter a name of the URL endpoint for devices, as it appears in the Archer Configuration page.
  2. Fetch Applications - Select this option to fetch applications.
  3. Fetch Application Settings - Set this option to fetch security parameter settings from Archer IRM, including password policies, session timeout, and account lockout configurations.
📘

Note

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.