File and Process Allow List

If you use third-party endpoint security products, such as antivirus applications and host-based intrusion detection and prevention systems, add Log Correlation Engine to their allow lists.

The following tables list the Log Correlation Engine Server and Log Correlation Engine Client folders, files, and processes that should be allowed.

Log Correlation Engine Server

Folders
/opt/lce/*
/opt/lce/admin/log/*
/opt/lce/db/*
/tmp/*
/tmp/download_surge_domains
/tmp/download_surge_files
/tmp/user_tracking_day
/tmp/sw_tracking_day
/tmp/threatlist.tmp
/tmp/threaturl.tmp
/tmp/usb_tracking_day
/etc/logrotate.d/lce
/etc/keepalived/keepalived.conf
/etc/sysconfig/keepalived
/etc/systemd/system/keepalived.service
/usr/lib/systemd/system/keepalived.service
/var/run/keepalived
/usr/lib/firewalld/services/lce-server.xml
/etc/init.d/
/var/lock/subsys/
Files
/opt/lce/tools/optimize-datastore
/opt/lce/tools/cache-filter-pointers
/opt/lce/diag
/opt/lce/showids
/opt/lce/tasl
/opt/lce/daemons/lce_client_manager
/opt/lce/postgresql/bin/pg_basebackup
/opt/lce/postgresql/bin/pg_ctl
/opt/lce/postgresql/bin/pg_dump
/opt/lce/postgresql/bin/pg_isready
/opt/lce/postgresql/bin/pg_restore
/opt/lce/postgresql/bin/pg_rewind
/opt/lce/postgresql/bin/psql
/opt/lce/tools/archival-manager
/opt/lce/tools/check_fix-file_accessibility
/opt/lce/tools/cfg-utils
/opt/lce/tools/fwd-silo-cksum
/opt/lce/tools/ha-manager
/opt/lce/tools/msmtp
/opt/lce/tools/restart-all
/opt/lce/tools/send_syslog
/opt/lce/tools/start-all
/opt/lce/tools/stop-all
/opt/lce/tools/user-utils
Processes
/opt/lce/daemons/lced
/opt/lce/daemons/lce_queryd
/opt/lce/daemons/lce_report_proxyd
/opt/lce/daemons/lce_wwwd
/opt/lce/daemons/lce_tasld
/opt/lce/daemons/stats
/opt/lce/postgresql/bin/postgres
/opt/lce/ha/keepalived

Log Correlation Engine Clients

Tenable NetFlow Monitor
Folders
/opt/netflow_monitor/
/etc/init.d/netflow_monitor
Processes
tfmd

Tenable Network Monitor
Folders
(Linux only) /opt/network_monitor/
(FreeBSD only) /usr/local/network_monitor
/etc/init.d/network_monitor
Processes
tnmd

OPSEC Client
Folders
/opt/lce_opsec/*
/etc/init.d/lce_opsec
Files
lce_query_opsec
Processes
lce_opsecd

Tenable RDEP Monitor
Folders
/opt/rdep_monitor/
/etc/init.d/rdep_monitor
Processes
trm

Tenable SDEE Monitor
Folders
/opt/sdee_monitor/
/etc/init.d/sdee_monitor
Processes
lce_sdeed

Splunk Client
Folders
/opt/lce_splunk/
/etc/init.d/lce_splunk
Processes
lce_splunkd

Log Correlation Engine Client for Linux
Folders
(FreeBSD only) /usr/local/lce_client/
/opt/lce_client/
(OSX only) /Library/LaunchDaemons/com.tenable.launchd.lceclient.plist
(AIX only) /etc/rc.d/init.d/lce_client
(HP-UX only) /sbin/init.d/lce_client
/etc/init.d/lce_client
Processes
lce_clientd

Log Correlation Engine Client for Windows
Folders
C:\Program Data\Tenable\LCEClient
C:\Program Files\Tenable\LCEClient
Files
server_assignment.exe
Processes
lce_client.exe

Web Query Client
Folders
/opt/lce_webquery/*
/etc/init.d/lce_webquery
Processes
lce_webqueryd

WMI Monitor Agent
Folders
/opt/wmi_monitor/*
/etc/init.d/wmi_monitor
Files
wmi_config_credentials
wmic
Processes
lce_wmid