Connect to an Event Log Collector

You can configure Tenable.ad to send notifications, such as alerts or security offenses, to an event log collector. Tenable Identity Exposure also allows you to redirect a subset of the traffic flows to a collector for further correlation.

The following illustration shows an integrated process managing Security Information and Event Management (SIEM) events.

Tenable.ad uses the Syslog protocol to carry messages in LEEF format.

Tenable.ad supports most SIEMs or event log collectors. Tenable Identity Exposure supports the following event collectors:

• IBM QRadar

• Splunk

• RSA Netwitness

• LogRhythm

• Micro Focus ArcSight

• Tibco Loglogic

• McAfee Enterprise Security Manager