LCE Clients

A key component of LCE, the LCE clients capture event data from a variety of sources and send that data to the LCE server for normalization. The LCE clients are installed on the systems whose logs, network traffic, performance, and other types of protocols and technologies are to be monitored, and they forward the data securely to the LCE server. Policies assigned to the LCE clients govern the methods by which a client captures event data. For example, the Web Query Client is used to collect events from Salesforce, AWS CloudTrail, and Google Cloud Platform.

The following table lists the LCE clients that Tenable Network Security provides, and the operating systems supported by those clients. This table only lists clients that are compatible with the latest version of LCE.

| Client | Operating Systems |
|---|---|
| LCE Client for Windows and Linux | RHEL/CentOS, Tenable Core, FreeBSD, Debian, OS X, AIX, Solaris, HP-UX, Dragon, Fedora, Ubuntu, SuSE, Windows |
| OPSEC Client | RHEL/CentOS |
| Splunk Client | RHEL/CentOS |
| Tenable NetFlow Monitor | RHEL/CentOS, Tenable Core |
| Tenable Network Monitor | RHEL/CentOS, Tenable Core |
| Tenable RDEP Monitor | RHEL/CentOS |
| Tenable SDEE Monitor | RHEL/CentOS |
| Web Query Client | RHEL/CentOS |
| WMI Monitor Client | RHEL/CentOS |

The LCE clients can be configured to gather information and events from the following sources:

  • Windows Event Logs (collected locally or remotely via WMI)
  • Windows/Linux/Unix system and application logs
  • Check Point OPSEC events
  • Cisco RDEP events
  • Cisco SDEE events
  • Cisco NetFlow
  • Splunk
  • Sniffed TCP and UDP network traffic (Tenable Network Monitor)
  • Sniffed syslog messages in motion
  • File monitoring (Linux, Unix, and Windows)

All data transmitted from LCE clients to the LCE server is encrypted using AES-256-CFB.