Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
From RepSM Plus version 1.6, reputation scores are no longer being used to judge the "badness" of an entity. Please do not use them. They are there for historical purpose, and serve no purpose for threat-related information.
Products
ArcSight Enterprise Security Manager (ESM)
Environment
RepSM Plus version 1.6, 1.7 and 1.8
Situation
Max score of Malicious Domains is 100. But one of Malicious IP Addresses is below 30, and it never exceeds this value.
“RepSM Plus Solution Guide” describes as follows:
Reputation Scores
The reputation score is a number from 0 to 100 that indicates the potential security risk of the IP
address, host name, or domain name, based on current threat intelligence from the reputation database.
For more detail, please refer the following ArcSight ESM RepSM Puls Solution Guide
https://www.microfocus.com/documentation/arcsight/solutions-and-compliance/ESM_RepSM_Plus_SolutionsGuide/#Reputation_Scores.htm?Highlight=score
However max score of Malicious IP Addresses for RepSM 1.5 has near 100 (94).
Resolution
Reputation scores are no longer being used to judge the "badness" of an entity.
Do not use them. They are there for historical purpose, and serve no purpose for threat-related information.
URL Name
KM000009495