This playbook starts with a User Action trigger tied to ThreatConnect Incidents. When triggered it will parse the Incident attributes and create an Archer record with relevant fields.
This playbook expects the following organization variables:
RSA Archer Password
RSA Archer Username
RSA Archer Instance Name
RSA Archer Base URL