Getting Started with the LCE Splunk Client

This document describes version 4.6 of the LCE Splunk Client, which is available for Tenable Network Security’s Log Correlation Engine (LCE).

A working knowledge of Splunk, SecurityCenter, and LCE operation and architecture is assumed. Familiarity with general log formats from various operating systems, network devices, and applications, as well as a basic understanding of Linux/Unix, is also assumed.

Please email any comments and suggestions to support@tenable.com.

Overview

LCE unifies vulnerability collection and event analysis data through SecurityCenter, which provides easy-to-use dashboards to display multiple data points in a centralized view. Organizations that choose to send Splunk logs to the LCE have a unique advantage: Splunk data is normalized by LCE and can be used for automatic anomaly detection, asset discovery, and additional vulnerability information, including botnet and malware detection.

The LCE Splunk Client forwards data that Splunk collects to the LCE server. Once the data reaches the LCE server, the data is reviewed and normalized so it can be queried in SecurityCenter. The scope of this client can vary depending on what data is being forwarded from Splunk to the LCE Splunk Client.

Caution: The LCE Splunk Client can process a maximum of 500 logs per second. Processing more than 500 logs per second can result in a loss of data. This is an absolute limit and cannot be increased by improving the system hardware.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.