3. Contents
Reputation Security Monitor Plus 1.6 4
How RepSM Plus Works 4
What's New in RepSM Plus 1.6 4
RepSM Plus Requirements 4
Release Contents 5
Installing RepSM Plus 5
Performance Impact of RepSM Plus 6
Open Issues 6
Send Documentation Feedback 8
HPE Reputation Security Monitor Plus 1.6 Page 3 of 8
4. Reputation Security Monitor Plus 1.6
How RepSM Plus Works
The Reputation Security Monitor Plus (RepSM Plus) solution uses internet threat intelligence to detect
malware infection, zero day attacks, and dangerous browsing on your network. RepSM Plus consists of
the following components:
l The HPE RepSM Plus service provides reputation data from the comprehensive database of
malicious IP addresses, host names, and domain names. The reputation database uses IPv4 and
Domain Name System (DNS) security intelligence feeds from multiple sources to provide a broad set
of reputation data.
l The HPE Model Import Connector for RepSM Plus imports the reputation data at regular intervals
from the RepSM Plus service to ArcSight ESM or ESM Express.
l The HPE RepSM Plus content running on ArcSight ESM or ESM Express correlates the reputation
data and security events to detect and remediate security incidents and issues that would otherwise
be undetectable. RepSM Plus content is organized into several use cases, which address specific
objectives.
For a complete overview of RepSM Plus, see the HPE Reputation Security Monitor Plus 1.6 Solution
Guide.
What's New in RepSM Plus 1.6
RepSM Plus 1.6 provides an updated version of the Model Import Connector for RepSM Plus. Refer to
the RepSM Plus Model Import Connector Guide for details.
The list of exploits has been expanded. Refer to the topic, "Exploit Types," in the RepSM Plus Solution
User's Guide for RepSM Plus 1.6.
Note: RepSM Plus 1.6 is available as a fresh installation only. Refer to the Support Matrix for a list of
current ESM versions. There are no upgrades from earlier versions of RepSM to this release.
RepSM Plus Requirements
l This release of RepSM Plus is supported on currently available versions of ESM, but only as fresh
installs. See the Solutions Support Matrix in Protect724 for more details.
HPE Reputation Security Monitor Plus 1.6 Page 4 of 8
5. l The ArcSight ESM Manager Java heap memory size must be set to at least 4 GB to support RepSM
Plus. If your Java heap memory size for Manager does not meet the requirements, see the ArcSight
ESM Administrator's Guide.
l RepSM Plus requires the Model Import Connector for RepSM Plus with an active subscription to the
RepSM Plus service. For additional connector requirements, see the Model Import Connector for
RepSM Plus Configuration Guide and accompanying release notes.
Release Contents
File Name Description
RepSM Plus Solution
Reputation_Security_Monitor_Plus_
1.6.arb
The installation package for all operating systems. Contains all the resources
for the RepSM Plus content package.
Note: Internet Explorer sometimes converts the ARB file to a ZIP file during
download. If this occurs, rename the ZIP file back to an ARB file before
importing into ArcSight ESM or ESM Express.
ESM_RepSM Plus_Solution_RelNotes_
1.6.pdf
The release notes (this document).
ESM_RepSM_Plus_SolutionGuide_
1.6.pdf
The HPE Security ArcSight Reputation Security Monitor 1.6 Solution Guide
provides product architecture, installation, configuration, and operation
instructions with a description of product contents.
Model Import Connector for RepSM Plus
ArcSight-7.3.0.7954.0-
RepSMModelConnector- Linux64.bin
ArcSight-7.3.0.7954.0-
RepSMModelConnector- Win64.exe
The installation executables for the Model Import Connector for RepSM Plus.
RepSMPlusModelImportConn_
RelNotes_7.3.0.7954.0.pdf
The Model Import Connector for RepSM Plus Release Notes provide a product
description and open issues.
RepSMPlusModelImportConn_
ConfigGuide_7.3.0.7954.0.pdf
The Model Import Connector for RepSM Plus Configuration Guide provides
information about installing and configuring the Model Import Connector for
RepSM Plus.
Installing RepSM Plus
For installation and configuration instructions, see the HPE Security ArcSight Reputation Security
Monitor Plus 1.6 Solution Guide.
Note that HPE provides a digital public key to enable you to verify that the signed software you
received is indeed from HPE and has not been manipulated in any way by a third party. Visit the
Release Notes
Reputation Security Monitor Plus 1.6
HPE Reputation Security Monitor Plus 1.6 Page 5 of 8
6. following site for information and instructions. Be sure to copy and paste the entire URL into a browser
to access the correct page:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPLinuxCode
Signing
Performance Impact of RepSM Plus
ArcSight solution content packages contain data monitors, trends, and rules that can place an
additional load on the ArcSight Manager and impact performance. If your ArcSight system is operating
at an average event per second (EPS) rate that has maximized the CPU utilization, you might
experience a reduced average EPS rate after installing the RepSM Plus package. If this performance
impact occurs, you can disable unneeded data monitors, trends, and rules to reduce the load on the
Manager.
Open Issues
Number Description
CON-12419 When restarting the Model Import Connector for RepSM Plus after it has been inactive for an
extended time, for example, more than a month, the connector retrieves all of the available
reputation data deltas at once, instead of retrieving a full update or only the appropriate
deltas.
Workaround: Restart the connector and perform a full import of the reputation data, as
described in the Model Import Connector for RepSM Plus Configuration Guide.
SOL-3606 Uninstalling RepSM Plus might fail with the following error:
Uninstall Failed: Unable to find resource with id 'kC85lx0BABCArD6yGhA5iA=='
Workaround: Restart the ArcSight Manager and then uninstall the RepSM Plus package.
SOL-3657 The Zero Day Attack Cases query viewer drilldowns do not show any data. The query viewer is
part of the Overview of Zero Day Attacks dashboard.
Workaround:
1. Edit the following query:
All Queries/ArcSight Solutions/Reputation Security Monitor 1.5/Zero Day Attacks/Summary
of Open Cases on Zero Day Attacks
2. On the Conditions tab, change the Group ID from:
0dRXhJTgBABCCLw7XLpNxFg==
to:
0MM5lXj0BABCBsT6yGhA5iA==
3. Save the query.
Release Notes
Reputation Security Monitor Plus 1.6
HPE Reputation Security Monitor Plus 1.6 Page 6 of 8
7. Number Description
SOL-3663 Installing RepSM Plus might fail with the following error:
Not enough privileges to modify All Drilldowns/Attachments/...
Workaround: Restart the ArcSight Manager and then install the RepSM Plus package.
SOL-3889 The /All Reports/ArcSight Solutions/Reputation Security Monitor Plus/General
Scenarios/Malicious Communication Trend over Time of the Last Day is supposed to run on
the last day; however the report configures and runs over the last seven days.
Workaround: Modify the time range manually. Right click the name of the report and select
Run > Report. In the Report Parameters dialog, change the Start Time custom parameter to
$Now - 1d and click OK.
SOL-3890 The /All Queries/ArcSight Solutions/Reputation Security Monitor Plus/General Scenarios/Layer
2 Events - Trend Base query description on the ArcSight Console states that the query
retrieves all Layer 2 events during the last hour.
This description is incorrect; the query retrieves all Layer 2 events during the last day.
Release Notes
Reputation Security Monitor Plus 1.6
HPE Reputation Security Monitor Plus 1.6 Page 7 of 8
8. Send Documentation Feedback
If you have comments about this document, you can contact the documentation team by email. If an
email client is configured on this system, click the link above and an email window opens with the
following information in the subject line:
Feedback on Release Notes (Reputation Security Monitor Plus 1.6)
Just add your feedback to the email and click send.
If no email client is available, copy the information above to a new message in a web mail client, and send
your feedback to arc-doc@hpe.com.
We appreciate your feedback!
HPE Reputation Security Monitor Plus 1.6 Page 8 of 8