Welcome to Log Correlation Engine

Last updated: October 25, 2022

This document describes the installation, configuration, and administration of the Tenable Log Correlation Engine® (LCE®) LCE 6.0.x for use as a part of Tenable.sc+.

Tip: Tenable rebranded Tenable.sc Continuous View as Tenable.sc+.

LCE is used with Tenable.sc, which is installed separately. This documentation assumes that you already have an operational instance of Tenable.sc. Knowledge of Tenable.sc operation and architecture is also assumed, along with a familiarity with system log formats from various operating systems, network devices, and applications and a basic understanding of Linux and Unix command line syntax. For more information, see the Tenable.sc User Guide.

In addition to the LCE server, Tenable provides the following clients:

• LCE Client
• OPSEC Client
• Splunk Client
• Tenable NetFlow Monitor
• Tenable Network Monitor
• Tenable RDEP Monitor
• Tenable SDEE Monitor
• Web Query Client
• WMI Monitor Client

Note: While you may still manage clients and policies using an account with Administrator privileges in Tenable.sc, LCE (versions 4.8 and later) is now the preferred method, as it provides additional validation to client management and policy modification. Additionally, organizations with a centralized instance of Tenable.sc can better delegate the administration of LCE by utilizing the new features, rather than channeling all LCE administration through Tenable.sc users with the necessary privileges.

For assistance with LCE, contact Tenable Support.