Proof of Concept Checklist for Reputation Security Monitor Version 1.5.1

Summary:

The document outlines a checklist for installing and configuring Reputation Security Monitor version 1.5, tailored for a proof of concept (POC) environment. Key steps include obtaining an evaluation license, importing a solution package, adjusting server configurations, setting heap sizes, and ensuring proper connector installation and configuration. Additionally, there are instructions for modifying minimum heap settings, starting the Model Import Connector, checking active lists, reviewing agent logs, provisioning data manually if no internet access is available, and deploying rules for effective monitoring.

Details:

The checklist provided outlines steps for installing and configuring Reputation Security Monitor v1.5, ensuring successful deployment through a proof of concept (POC). Here’s a summary of key points from the checklist: 1. **Request an Evaluation License**: Obtain a 60-day evaluation license within your POC timeframe to avoid any licensing issues during setup and testing. 2. **Import the Solution Package**: Import the provided solution package named ArcSight-SolutionPackage-RepSM.1.5.1262.0.arb, which includes necessary configurations for Reputation Security Monitor. 3. **Configure Active List Capacity**: Adjust the server configuration by modifying the `\config\server.properties` file to set `activelist.max_capacity=1000000`. Restart the Manager to apply this change, noting that this setting caps the number of entries in active lists at 1 million due to a limitation noted in October. 4. **Set Manager Heap Size**: Ensure the Manager’s heap size is set to at least 4 GB. This can be verified and adjusted through the Management Console under Administration, Configuration Management, and Server Management settings. 5. **Install Model Import Connector (for systems with internet access)**: Install the connector only if there’s internet access on your POC environment. It must run on a 64-bit system. After installation, configure it in the console using the admin account, setting the heap size to at least 256 MB by default. These steps ensure that Reputation Security Monitor is properly set up within the constraints of the POC environment, with considerations for potential future enhancements and limitations addressed where necessary. To summarize the steps provided, here's a concise version of what needs to be done: 1. **Modify Minimum Heap Setting**: Set the minimum heap size for your application or system to at least 4 GB. This ensures sufficient memory is allocated for smooth operation and import processes. 2. **Start Model Import Connector**: Initiate the Model Import Connector, which will handle the import of updated configurations and data. Wait until it confirms receipt of the new settings. 3. **Verify Connector Functionality**: Check if the Model Import Connector is functioning correctly by reviewing its logs or status indicators. 4. **Check Active Lists**: Navigate to the Console's Active Lists resource, specifically looking at entries in:

• \Active Lists\Shared\ArcSight Solutions\Reputation Security Monitor 1.5

• Malicious Domains

• Malicious IP Addresses

Verify that these lists are starting to populate with relevant data. 5. **Review Agent Log**: Examine the agent log file of the Model Import Connector for any errors or issues during the import process. 6. **Alternative Data Provisioning (if no internet access)**: If your proof of concept environment lacks internet connectivity, download the Active Lists manually and import them into your appliance. These lists are typically updated monthly on HP Connections. 7. **Verify Import Success**: Ensure that the imported data has been successfully populated in the specified Active Lists as per steps 4. 8. **Deploy RepSM Rules**: Access the rules section within the ArcSight Console, locate the "ArcSight Solutions/Reputation Security Monitor 1.5" group, and deploy the new or updated rules to this group. 9. **Confirm Deployment**: After deploying the rules, they should appear under the "Real-time Rules/Reputation Security Monitor 1.5" group in the Navigator panel. These real-time rules are linked back to the main Reputation Security Monitor rules for effective enforcement and monitoring within your system.