Log Correlation Engine 3.4.1 Release Notes
The following notes describe the changes that are included in Log Correlation Engine (LCE) version 3.4.1, including significant enhancements that have been made, as well as notes for upgrading. A PDF file of these release notes is also available here.
- As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
- LCE version 3.4.1 is a required upgrade for SecurityCenter 4.
- LCE version 3.4.1 is compatible with Security Center version 3.4.5 or later. Older versions of Security Center may work with LCE 3.4.1 without issues, but will not support many of the new features. Please contact Tenable Support at firstname.lastname@example.org if you have any questions about compatibility issues.
- Detailed instructions and notes on upgrading are located in the Log Correlation Engine 3.4 Administration and User Guide.
LCE IDS Correlation
- LCE receives vulnerability information and IDS correlation signature updates from SecurityCenter 4 so that it can correlate intrusion detection events with vulnerabilities. Correlation is enabled on a per-Repository basis within SecurityCenter 4. To enable it, log in to SecurityCenter 4 as admin, edit a Repository and select the desired LCE(s) in the "LCE Correlation" field. Both the normalized event name and the originating raw IDS event name are available within the SecurityCenter 4 GUI. When browsing events, use the "Target IDS Events" filter to display the correlated IDS events. A sample screenshot can be viewed here.
- As of 3.4.0, LCE is capable of managing IDS events from various sources. This functionality is based on what was available in Security Center 3.x. LCE can accept events from IDS devices via syslog and/or SNMP traps. To differentiate between IDS events and ordinary logs in Security Center queries, a new "event2" field has been added to the LCE database schema. The LCE supports the following types of IDS sources: