Add LCE to Tenable.sc
To add your LCE server to Tenable.sc, see Add a Log Correlation Engine Server in the Tenable.sc User Guide.
Option | Description |
---|---|
Name |
The unique name that this LCE server will be known as. |
Description |
Descriptive text for the LCE server. |
Host |
The IP address of the LCE server. Note: When the Tenable.sc resides on the same host as the LCE server, it is recommended to use the localhost IP address of 127.0.0.1. |
Organizations |
Select the customer that this LCE is assigned to from the drop down menu. |
Event Vulnerability Data |
|
Import Vulnerabilities |
Selecting this box will allow you to configure your LCE use Event data to detect vulnerabilities. |
Repositories |
This will allow you to select which repository you would like to keep the vulnerability data collected from LCE events. |
Event Vulnerability Host |
|
Port |
This allows you to configure the port used for communication between Tenable.sc and LCE. The default port is 1243. In the LCE interface this is known as the Reporter Port. |
Username |
This is the Reporter Username that was set in the LCE interface under the Configuration, Advanced, Host Discovery and Vulnerabilities section. |
Password |
This is known as the Reporter Password which is found in the Configuration, Advanced, Host Discovery and Vulnerabilities section. |
After clicking on Submit, the LCE admin credentials (“root” user or equivalent) are requested to establish an authenticated session between Tenable.sc and the LCE. After the LCE server is successfully added, highlight the new LCE server to display options pertinent to that server.
Note: If you are using DNS in your environment, make sure it is configured for reverse DNS resolution to facilitate query speeds. If you are not using DNS, modify the /etc/hosts file to include your Tenable.sc IP address and hostname. For example: 192.0.2.22 SecurityCenter4.example.com SecurityCenter4