You are here: Features > Using SecurityCenter with LCE > Analyzing Events

TOC & Recently Viewed

Recently Viewed Topics

Analyzing Events

A wide variety of LCE analysis and reporting tools are available to SecurityCenter users. These users can make use of any LCE event that intersects with their range of managed IP addresses. All analysis and reporting options are described in the SecurityCenter User Guide.

Identifying Vulnerabilities

LCE can leverage log data to find vulnerabilities. The Tenable plugins that report this information will have the plugin ID range of 800,000 - 899,999. A sample screen capture of data that can be found is shown below:

You can filter for the vulnerabilities identified by LCE in SecurityCenter by using the “Filters” and selecting “Plugin ID”, then selecting “≥” and then entering “800000”.The filter setting is pictured below:

TASL Scripts

After PRM processing normalizes an event, the event is submitted to the LCE TASL engine for advanced processing by TASL scripts. TASL scripts are used for many types of detection events such as thresholds, successful attack detection, and alerting. By default, all TASL scripts are included on the LCE server; however they can be disabled manually in the “TASL and Plugins” section of the LCE interface described in detail earlier in this document. For more information regarding TASL scripts review the LCE TASL Reference Guide.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.