Knowledge Doc: [ESM] Max Score of Reputation Data for RepSM Plus

0 Likes

Summary
From RepSM Plus version 1.6, reputation scores are no longer being used to judge the "badness" of an entity. Please do not use them. They are there for historical purpose, and serve no purpose for threat-related information.

Products
ArcSight Enterprise Security Manager (ESM)

Environment
RepSM Plus version 1.6, 1.7 and 1.8

Situation
Max score of Malicious Domains is 100. But one of Malicious IP Addresses is below 30, and it never exceeds this value.

“RepSM Plus Solution Guide” describes as follows:
Reputation Scores
The reputation score is a number from 0 to 100 that indicates the potential security risk of the IP
address, host name, or domain name, based on current threat intelligence from the reputation database.

For more detail, please refer the following ArcSight ESM RepSM Puls Solution Guide
https://www.microfocus.com/documentation/arcsight/solutions-and-compliance/ESM_RepSM_Plus_SolutionsGuide/#Reputation_Scores.htm?Highlight=score

However max score of Malicious IP Addresses for RepSM 1.5 has near 100 (94).

Resolution
Reputation scores are no longer being used to judge the "badness" of an entity.
Do not use them. They are there for historical purpose, and serve no purpose for threat-related information.


Knowledge Base Article Link


URL Name
KM000009495

Labels:

Support Tips/Knowledge Docs
Related
Recommended