Analyzing Events

A wide variety of LCE analysis and reporting tools are available to Tenable.sc users. These users can make use of any LCE event that intersects with their range of managed IP addresses. All analysis and reporting options are described in the Tenable.sc User Guide.

Identifying Vulnerabilities

LCE can leverage log data to find vulnerabilities. The Tenable plugins that report this information will have the plugin ID range of 800,000 - 899,999.

You can filter for the vulnerabilities identified by LCE in Tenable.sc by using the “Filters” and selecting “Plugin ID”, then selecting “≥” and then entering “800000.” The filter setting is pictured below:

TASL Scripts

After PRM processing normalizes an event, the event is submitted to the LCE TASL engine for advanced processing by TASL scripts. TASL scripts are used for many types of detection events such as thresholds, successful attack detection, and alerting. By default, all TASL scripts are enabled in the LCE server; however they can be disabled manually in the “TASL and Plugins” section of the LCE interface described in detail earlier in this document. For more information regarding TASL scripts review the LCE TASL Reference Guide.