Get Started with the Tenable Log Correlation Engine Splunk Client

This document describes the Tenable Log Correlation Engine Splunk Client version 4.6 that is available for Tenable Log Correlation Engine.

A working knowledge of Splunk, Tenable Security Center, and Tenable Log Correlation Engine operation and architecture is assumed. Familiarity with general log formats from various operating systems, network devices, and applications, as well as a basic understanding of Linux/Unix, is also assumed.

Overview

Tenable Log Correlation Engine unifies vulnerability collection and event analysis data through Tenable Security Center, which provides easy-to-use dashboards that display multiple data points in a centralized view. Organizations that choose to send Splunk logs to Tenable Log Correlation Engine gain a unique advantage: Splunk data is normalized by Tenable Log Correlation Engine and can be included in automatic anomaly detection, asset discovery, and additional vulnerability information, including botnet and malware detection.

The Tenable Log Correlation Engine Splunk Client forwards data that Splunk collects to the Tenable Log Correlation Engine server. Once the data reaches the server, it is reviewed and normalized so that it can be queried in Tenable Security Center. The scope of this client varies depending on which data is forwarded from Splunk to the Tenable Log Correlation Engine Splunk Client.

Caution: The Tenable Log Correlation Engine Splunk Client can process a maximum of 500 logs per second. Processing more than 500 logs per second can result in a loss of data. This is an absolute limit and cannot be increased by improving the system hardware.
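Because events above the 500-per-second ceiling can be lost, it is worth measuring peak per-second volume of the Splunk data you plan to forward before enabling the client. The following Python script is an added example for this document, not Tenable or Splunk code; it assumes log lines that begin with an ISO-8601 UTC timestamp (an assumption for the example) and uses constructed sample lines.

```python
from collections import Counter
from datetime import datetime, timezone

# Processing ceiling of the Tenable Log Correlation Engine Splunk Client, as stated in the Caution.
LCE_SPLUNK_CLIENT_MAX_EPS = 500


def parse_second(line: str) -> datetime:
    """Return the line's timestamp truncated to a whole second.

    Assumes each line starts with an ISO-8601 UTC timestamp such as
    2024-05-01T12:00:00Z (an assumption for this example, not a documented format).
    """
    stamp = line.split(" ", 1)[0]
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts.replace(microsecond=0)


def events_per_second(lines) -> Counter:
    """Count how many log lines fall into each one-second bucket."""
    return Counter(parse_second(line) for line in lines if line.strip())


def check_forwarding_rate(lines, max_eps: int = LCE_SPLUNK_CLIENT_MAX_EPS) -> dict:
    """Compare per-second event volume against the client's hard limit.

    'excess_events' sums the events above the limit across saturated seconds;
    treat it as an upper-bound estimate of what could be lost, not a measured figure.
    """
    buckets = events_per_second(lines)
    if not buckets:
        return {"peak_eps": 0, "peak_second": None, "seconds_over_limit": 0,
                "excess_events": 0, "within_limit": True}
    peak_second, peak_eps = max(buckets.items(), key=lambda kv: kv[1])
    over = {sec: n for sec, n in buckets.items() if n > max_eps}
    return {
        "peak_eps": peak_eps,
        "peak_second": peak_second.isoformat(),
        "seconds_over_limit": len(over),
        "excess_events": sum(n - max_eps for n in over.values()),
        "within_limit": not over,
    }


# Constructed sample: three quiet seconds of 40 events each, then a one-second burst of 620
# events (for example, a chatty firewall), which exceeds the client's limit by 120.
SAMPLE_LOGS = (
    [f"2024-05-01T12:00:0{s}Z fw01 kernel: ACCEPT src=10.0.0.{i} dst=10.0.1.5"
     for s in range(3) for i in range(40)]
    + [f"2024-05-01T12:00:03Z fw01 kernel: DROP src=203.0.113.7 dst=10.0.1.5 dpt={1000 + i}"
       for i in range(620)]
)

if __name__ == "__main__":
    print(check_forwarding_rate(SAMPLE_LOGS))
```

If the report shows seconds over the limit, filter or split the forwarded sources in Splunk until the sustained peak stays below 500 events per second.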