Tenable Log Correlation Engine Clients
Clients are a key component of Tenable Log Correlation Engine: they capture event data from a variety of sources and send that data to the Tenable Log Correlation Engine server for normalization. The Tenable Log Correlation Engine clients are installed on the systems whose logs, network traffic, performance data, and other protocols and technologies are to be monitored, and they forward that data securely to the Tenable Log Correlation Engine server. Policies assigned to the Tenable Log Correlation Engine clients govern the methods by which each client captures event data. For example, the Web Query Client is used to collect events from Salesforce, AWS CloudTrail, and Google Cloud Platform.
The following table lists the Tenable Log Correlation Engine clients that Tenable Network Security provides and the operating systems those clients support. The table lists only clients that are compatible with the latest version of Tenable Log Correlation Engine.
Client | Operating Systems |
---|---|
Tenable Log Correlation Engine Client for Windows and Linux | |
OPSEC Client | |
Splunk Client | |
Tenable NetFlow Monitor | |
Tenable Network Monitor | |
Tenable RDEP Monitor | |
Tenable SDEE Monitor | |
Web Query Client | |
WMI Monitor Client | |
The Tenable Log Correlation Engine clients can be configured to gather information and events from the following sources:
- Windows Event Logs (collected locally or remotely via WMI)
- Windows/Linux/Unix system and application logs
- Check Point OPSEC events
- Cisco RDEP events
- Cisco SDEE events
- Cisco NetFlow
- Splunk
- Sniffed TCP and UDP network traffic (Tenable Network Monitor)
- Sniffed syslog messages in motion
- File monitoring (Linux, Unix, and Windows)
All data transmitted from Tenable Log Correlation Engine clients to the Tenable Log Correlation Engine server is encrypted using AES-256-CFB.