Welcome to Log Correlation Engine

Last updated: May 19, 2023

This document describes the installation, configuration, and administration of the Tenable Tenable Log Correlation Engine® (Tenable Log Correlation Engine®) LCE 6.0.x for use as a part of Tenable Security Center+.

Tip: Tenable rebranded Tenable.sc Continuous View as Tenable Security Center+.

Log Correlation Engine is used with Tenable.sc, which is installed separately. This documentation assumes that you already have an operational instance of Tenable.sc. Knowledge of Tenable.sc operation and architecture is also assumed, along with a familiarity with system log formats from various operating systems, network devices, and applications and a basic understanding of Linux and Unix command line syntax. For more information, see the Tenable.sc User Guide.

In addition to the LCE server, Tenable provides the following clients:

• LCE Client
• OPSEC Client
• Splunk Client
• Tenable NetFlow Monitor
• Tenable Network Monitor
• Tenable RDEP Monitor
• Tenable SDEE Monitor
• Web Query Client
• WMI Monitor Client

Note: While you may still manage clients and policies using an account with Administrator privileges in Tenable.sc, Log Correlation Engine (versions 4.8 and later) is now the preferred method, as it provides additional validation to client management and policy modification. Additionally, organizations with a centralized instance of Tenable.sc can better delegate the administration of Log Correlation Engine by utilizing the new features, rather than channeling all Log Correlation Engine administration through Tenable.sc users with the necessary privileges.

For assistance with Log Correlation Engine, contact Tenable Support.