Add LCE to

To add your LCE server to, see Add a Log Correlation Engine Server in the User Guide.

Option Description


The unique name that this LCE server will be known as.


Descriptive text for the LCE server.


The IP address of the LCE server.

Note: When the resides on the same host as the LCE server, it is recommended to use the localhost IP address of


Select the customer that this LCE is assigned to from the drop down menu.

Event Vulnerability Data

Import Vulnerabilities

Selecting this box will allow you to configure your LCE use Event data to detect vulnerabilities.


This will allow you to select which repository you would like to keep the vulnerability data collected from LCE events.

Event Vulnerability Host


This allows you to configure the port used for communication between and LCE. The default port is 1243. In the LCE interface this is known as the Reporter Port.


This is the Reporter Username that was set in the LCE interface under the Configuration, Advanced, Host Discovery and Vulnerabilities section.


This is known as the Reporter Password which is found in the Configuration, Advanced, Host Discovery and Vulnerabilities section.

After clicking on Submit, the LCE admin credentials (“root” user or equivalent) are requested to establish an authenticated session between and the LCE. After the LCE server is successfully added, highlight the new LCE server to display options pertinent to that server.

Note: If you are using DNS in your environment, make sure it is configured for reverse DNS resolution to facilitate query speeds. If you are not using DNS, modify the /etc/hosts file to include your IP address and hostname. For example: SecurityCenter4