IDS Configuration
Tenable Log Correlation Engine has the ability to receive IDS events from multiple sources. In addition to being normalized and stored in the log database, each event will be checked against any Tenable Security Centervulnerability databases. If a host is vulnerable to attack, the event is marked as such, allowing rules to trigger on this scenario so that the information can be distributed to the affected administrators.
For each IDS sensor, a sensor name and type must be defined as in the example below. The following sensor types are supported:
- Snort
- Bro
- RealSecure
- Dragon
- IntruVert
- IntruShield
- Juniper
- NetScreen
- NFR
- Fortinet
- Cisco
- TippingPoint-Sensor
- TippingPoint-SMS
The following table describes the options that are available.
| Option | Description |
|---|---|
|
IDS IP |
The IP address of the IDS. |
|
Sensor Name |
Name to be used within the Tenable Security Center logs. |
|
Sensor Type |
IDS sensor type. |