A key component of LCE, the LCE clients capture event data from a variety of sources and send that data to the LCE server for normalization. The LCE clients are installed on systems whose logs, network traffic, performance and other types of protocols and technologies are to be monitored by forwarding the data securely to the LCE server. Policies are assigned to the LCE clients, which govern the methods by which a client captures event data. For example, the Web Query Client is used to collect events from Salesforce, AWS CloudTrail, and Google Cloud Platform.
The following table lists the LCE clients that Tenable Network Security provides, and the operating systems supported by those clients. This table only lists clients that are compatible with the latest version of LCE.
|LCE Client for Windows and Linux||
|Tenable NetFlow Monitor||
|Tenable Network Monitor||
|Tenable RDEP Monitor||
|Tenable SDEE Monitor||
|Web Query Client||
|WMI Monitor Client||
The LCE clients can be configured to gather information and events from the following sources:
- Windows Event Logs (collected locally or remotely via WMI)
- Windows/Linux/Unix system and application logs
- Check Point OPSEC events
- Cisco RDEP events
- Cisco SDEE events
- Cisco NetFlow
- Sniffed TCP and UDP network traffic (Tenable Network Monitor)
- Sniffed syslog messages in motion
- File monitoring (Linux, Unix, and Windows)
All data transmitted from LCE clients to the LCE server is encrypted using AES-256-CFB.