Proof of Concept Checklist for Reputation Security Monitor Version 1.54_1

Summary:

The document outlines steps for installing and configuring Reputation Security Monitor (RepSM) v1.54 from Hewlett Packard Enterprise (HPE). Key instructions include obtaining a 60-day evaluation license, updating server configuration to accommodate the "Malicious Domains Active List" capacity, restarting manager services, adjusting list capacities in the management console, verifying heap size settings, installing RepSM v1.54, configuring and starting Model Import Connector if internet access is available, and deploying rules related to Reputation Security Monitor 1.5 within the ArcSight appliance.

Details:

The provided checklist outlines the steps necessary to successfully install and configure Reputation Security Monitor (RepSM) v1.54 from Hewlett Packard Enterprise (HPE). Here's a summarized version of the instructions: 1. **Request an Evaluation License**: Obtain a 60-day evaluation license for RepSM v1.54. Internal licenses can be requested following this process, which typically takes up to 24 hours but should be arranged before starting the proof of concept. 2. **Configure Active List Capacity**: Update the server configuration by adding `activelist.max_capacity=2250000` to the `\config\server.properties` file. Ensure this matches the "Malicious Domains Active List" capacity of 2,250 entries (x1000). 3. **Restart Manager**: Apply changes by restarting the manager service for new settings to take effect. 4. **Edit Malicious Domains Active List**: Adjust the list capacity in the management console to match the configuration file setting. 5. **Verify Manager Heap Size**: Ensure the "Manager Heap Size" is set to at least 4 GB in both the management console and server settings. 6. **Install RepSM v1.54**: Install the latest version of RepSM using the provided solution package `ArcSight-SolutionPackage-RepSM.1.52.1345.0.arb`. 7. **Model Import Connector Configuration (Optional)**: If internet access is available, install and configure the Model Import Connector:

• Install on a 64-bit system only.

• Configure the "Model Import User" to the admin account in the console.

• Set the minimum heap size for the connector to at least 2 GB (or 4 GB if sufficient memory is available). Do not start the connector yet.

8. **Start Model Import Connector**: Once configured, begin the connector to facilitate data import and processing. These steps ensure a smooth installation and setup of RepSM v1.54 for your organization's use. The process involves updating a configuration for a system, such as downloading and importing new Active Lists into an ArcSight appliance. Here's a step-by-step breakdown of what needs to be done: 1. Access the Console on the device and select specific commands related to model import connector, starting it up. 2. Check if the Model Import Connector is functioning correctly by reviewing its status in the Console. 3. Navigate to Active Lists within the Console, specifically checking Reputation Security Monitor 1.5, Malicious Domains, and Malicious IP Addresses lists for any new entries or updates. This step may require waiting as it depends on internet access or previously downloaded data. 4. If there's no internet access, download the Active Lists from a provided source and import them into your appliance manually, ensuring they are updated periodically through iROCK. 5. Verify that the import was successful by checking the same lists in the Active Lists resource within the Console to see if new entries have been added. 6. Deploy the rules related to Reputation Security Monitor 1.5 from the Rules section of the Navigator panel, grouping them under "ArcSight Solutions/Reputation Security Monitor 1.5". This involves right-clicking on the group and selecting 'Deploy Real-time Rule(s)' to make these rules active in the system's operations. 7. After a short delay, verify that the rules are now listed under the "Real-time Rules/Reputation Security Monitor 1.5" group, indicating successful deployment.