Add LCE to Tenable.sc

To add your LCE server to Tenable.sc, see Add a Log Correlation Engine Server in the Tenable.sc User Guide.

Option Description

Name

The unique name that this LCE server will be known as.

Description

Descriptive text for the LCE server.

Host

The IP address of the LCE server.

Note: When the Tenable.sc resides on the same host as the LCE server, it is recommended to use the localhost IP address of 127.0.0.1.

Organizations

Select the customer that this LCE is assigned to from the drop down menu.

Event Vulnerability Data

Import Vulnerabilities

Selecting this box will allow you to configure your LCE use Event data to detect vulnerabilities.

Repositories

This will allow you to select which repository you would like to keep the vulnerability data collected from LCE events.

Event Vulnerability Host

Port

This allows you to configure the port used for communication between Tenable.sc and LCE. The default port is 1243. In the LCE interface this is known as the Reporter Port.

Username

This is the Reporter Username that was set in the LCE interface under the Configuration, Advanced, Host Discovery and Vulnerabilities section.

Password

This is known as the Reporter Password which is found in the Configuration, Advanced, Host Discovery and Vulnerabilities section.

After clicking on Submit, the LCE admin credentials (“root” user or equivalent) are requested to establish an authenticated session between Tenable.sc and the LCE. After the LCE server is successfully added, highlight the new LCE server to display options pertinent to that server.

Note: If you are using DNS in your environment, make sure it is configured for reverse DNS resolution to facilitate query speeds. If you are not using DNS, modify the /etc/hosts file to include your Tenable.sc IP address and hostname. For example: 192.0.2.22 SecurityCenter4.example.com SecurityCenter4