Welcome to Tenable Log Correlation Engine

Last updated: September 14, 2023

This document describes the installation, configuration, and administration of the Tenable Tenable Log Correlation Engine® (Tenable Log Correlation Engine®) Tenable Log Correlation Engine 6.0.x (formerly known as LCE) for use as a part of Tenable Security Center+.

Log Correlation Engine is used with Tenable Security Center, which is installed separately. This documentation assumes that you already have an operational instance of Tenable Security Center. Knowledge of Tenable Security Center operation and architecture is also assumed, along with a familiarity with system log formats from various operating systems, network devices, and applications and a basic understanding of Linux and Unix command line syntax. For more information, see the Tenable Security Center User Guide.

In addition to the LCE server, Tenable provides the following clients:

• Tenable Log Correlation Engine Client
• OPSEC Client
• Splunk Client
• Tenable NetFlow Monitor
• Tenable Network Monitor
• Tenable RDEP Monitor
• Tenable SDEE Monitor
• Web Query Client
• WMI Monitor Client

Note: While you may still manage clients and policies using an account with Administrator privileges in Tenable Security Center, Log Correlation Engine (versions 4.8 and later) is now the preferred method, as it provides additional validation to client management and policy modification. Additionally, organizations with a centralized instance of Tenable Security Center can better delegate the administration of Log Correlation Engine by utilizing the new features, rather than channeling all Log Correlation Engine administration through Tenable Security Center users with the necessary privileges.

For assistance with Log Correlation Engine, contact Tenable Support.