File and Process Allow List
If you use third-party endpoint security products such as anti-virus applications and host-based intrusion and prevention systems, you should add Log Correlation Engine to the allow list.
The following tables list the Log Correlation Engine Server and Log Correlation Engine Client folders, files, and processes that should be allowed.
Log Correlation Engine Server
| Log Correlation Engine Server |
|---|
| Folders |
| /opt/lce/* |
| /opt/lce/admin/log/* |
| /opt/lce/db/* |
| /tmp/* |
| /tmp/download_surge_domains |
| /tmp/download_surge_files |
| /tmp/user_tracking_day |
| /tmp/sw_tracking_day |
| /tmp/threatlist.tmp |
| /tmp/threaturl.tmp |
| /tmp/usb_tracking_day |
| /etc/logrotate.d/lce |
| /etc/keepalived/keepalived.conf |
| /etc/sysconfig/keepalived |
| /etc/systemd/system/keepalived.service |
| /usr/lib/systemd/system/keepalived.service |
| /var/run/keepalived |
| /usr/lib/firewalld/services/lce-server.xml |
| /etc/init.d/ |
| /var/lock/subsys/ |
| Files |
| /opt/lce/tools/optimize-datastore |
| /opt/lce/tools/cache-filter-pointers |
| /opt/lce/diag |
| /opt/lce/showids |
| /opt/lce/tasl |
| /opt/lce/daemons/lce_client_manager |
| /opt/lce/postgresql/bin/pg_basebackup |
| /opt/lce/postgresql/bin/pg_ctl |
| /opt/lce/postgresql/bin/pg_dump |
| /opt/lce/postgresql/bin/pg_isready |
| /opt/lce/postgresql/bin/pg_restore |
| /opt/lce/postgresql/bin/pg_rewind |
| /opt/lce/postgresql/bin/psql |
| /opt/lce/tools/archival-manager |
| /opt/lce/tools/check_fix-file_accessibility |
| /opt/lce/tools/cfg-utils |
| /opt/lce/tools/fwd-silo-cksum |
| /opt/lce/tools/ha-manager |
| /opt/lce/tools/msmtp |
| /opt/lce/tools/restart-all |
| /opt/lce/tools/send_syslog |
| /opt/lce/tools/start-all |
| /opt/lce/tools/stop-all |
| /opt/lce/tools/user-utils |
| Processes |
| /opt/lce/daemons/lced |
| /opt/lce/daemons/lce_queryd |
| /opt/lce/daemons/lce_report_proxyd |
| /opt/lce/daemons/lce_wwwd |
| /opt/lce/daemons/lce_tasld |
| /opt/lce/daemons/stats |
| /opt/lce/postgresql/bin/postgres |
| /opt/lce/ha/keepalived |
Log Correlation Engine Clients
| Tenable NetFlow Monitor |
|---|
| Folders |
| /opt/netflow_monitor/ |
| /etc/init.d/netflow_monitor |
| Processes |
| tfmd |
| Tenable Network Monitor |
| Folders |
| (Linux only) /opt/network_monitor/ |
| (FreeBSD only) /usr/local/network_monitor |
| /etc/init.d/network_monitor |
| Processes |
| tnmd |
| OPSEC Client |
| Folders |
| /opt/lce_opsec/* |
| /etc/init.d/lce_opsec |
| Files |
| lce_query_opsec |
| Processes |
| lce_opsecd |
| Tenable RDEP Monitor |
| Folders |
| /opt/rdep_monitor/ |
| /etc/init.d/rdep_monitor |
| Processes |
| trm |
| Tenable SDEE Monitor |
| Folders |
| /opt/sdee_monitor/ |
| /etc/init.d/sdee_monitor |
| Processes |
| lce_sdeed |
| Splunk Client |
| Folders |
| /opt/lce_splunk/ |
| /etc/init.d/lce_splunk |
| Processes |
| lce_splunkd |
| Log Correlation Engine Client for Linux |
| Folders |
| (FreeBSD only) /usr/local/lce_client/ |
| /opt/lce_client/ |
| (OSX only) /Library/LaunchDaemons/com.tenable.launchd.lceclient.plist |
| (AIX only) /etc/rc.d/init.d/lce_client |
| (HP-UX only) /sbin/init.d/lce_client |
| /etc/init.d/lce_client |
| Processes |
| lce_clientd |
| Log Correlation Engine Client for Windows |
| Folders |
| C:\Program Data\Tenable\LCEClient |
| C:\Program Files\Tenable\LCEClient |
| Files |
| server_assignment.exe |
| Processes |
| lce_client.exe |
| Web Query Client |
| Folders |
| /opt/lce_webquery/* |
| /etc/init.d/lce_webquery |
| Processes |
| lce_webqueryd |
| WMI Monitor Agent |
| Folders |
| /opt/wmi_monitor/* |
| /etc/init.d/wmi_monitor |
| Files |
| wmi_config_credentials wmic |
| Processes |
| lce_wmid |