ArcSight alerts analysts when computer systems are attacked. It is also used in the private sector. It is now owned by British mainframe company Micro Focus which acquired HPE's software assets in a sale that was completed last month.
A Reuters report said the Russian review of the ArcSight source code was facilitated by HPE in order to obtain the certification needed to get orders for Russia's public sector.
Former US intelligence officials were quoted as saying that the review could help Russia find vulnerabilities in ArcSight.
Moscow has denied that it carried out any such attacks.
Echelon president and majority owner Alexey Markov told Reuters that if he and his team found any vulnerabilities, then they had to report them to the Russian government.
However, he added, that he would always alert the software maker of the problem first and obtain permission to release details to the Russian authorities.
Markov did not provide any details about the ArcSight source code because of a non-disclosure agreement with HPE.
HPE was quoted as saying that such reviews had taken place in Russia for years.
ArcSight is used by some state companies in Russia, including VTB Bank and the Rossiya Segodnya media company.