TOC & Recently Viewed

Log Correlation Engine 4.8 Release Notes - 3/17/2016

The following notes describe the changes that are included in Log Correlation Engine (LCE) version 4.8, significant enhancements to LCE, and information about upgrading. A PDF file of these release notes is also available here.

General Upgrade Notes

  • As with any application, it is always advisable to perform a backup of your LCE installation and archived logs before upgrading.
  • Detailed instructions and notes on upgrading are located in the Log Correlation Engine 4.8 User Guide.
  • The supported upgrade path to 4.8.0 is 4.6.1, 4.6.0, and 4.4.x. If you have deployed LCE < 4.4.x, please perform an intermediate upgrade to LCE 4.4.x, then upgrade to LCE 4.8.0.

Compatibility Notes

  • LCE version 4.8 is compatible with SecurityCenter version 4.6.2.2 or later. Older versions of SecurityCenter will work with LCE 4.8 without issues, but will not support some new features.
  • LCE version 4.8 is compatible with LCE Clients version 4.0.0 or later. Older LCE Clients will not be able to log in and send event data to LCE 4.8.
  • Please contact Tenable Support at support@tenable.com if you have any questions about compatibility issues.

File Names & MD5 Checksums

File MD5
lce-4.8.0-el5.x86_64.rpm 8d1ae0900d461fd593b4daf67ee72e00
lce-4.8.0-el6.x86_64.rpm feee53b5b38fc3d6f5459a5eb76b817d
lce-4.8.0-el7.x86_64.rpm dc5c0830e1c05e35160407c0ffc85204
LCE-Server-HyperV-4.8.0.zip 0128d7dc4d7d1301fee9617a80aa6f3e
LCE-Server-VMware-4.8.0.ova 05baf7c763c461847a5dc2dc5185c213

New Features and Improvements:

  • LCE Client Management UI: LCE server 4.8 can manage clients that report data to it. The new Client management UI allows users to use the LCE server as a one stop shop for all client management options. Users can assign policies, rename clients, and authorized and delete clients all from the same screen. Multi-LCE organizations may manage clients locally via the LCE UI without using SecurityCenter.
  • LCE Client Policy Editor: The new Client policy editor guides users in creating and editing client policies. The policy editor provides a complete listing of LCE clients and allows customers to configure policy and options for all clients. The policy wizard walks users through policy modifications by showing all possible options for the selected client type, and validating them on-the-fly using a simple editor that requires no knowledge of the format of the policy. Advance users may still use the adjacent XML editor to edit the raw policy contents, if desired.
  • CVSS 3.0 Support: LCE now supports and scores select vulnerabilities based on CVSS 3.0 rating system. This is for a limited number of vulnerabilities and may affect some dashboards and reports

Security Enhancements:

  • Added configuration option to limit communication to TLS 1.2 only
  • Replaced SHA1 certificate chains with SHA256
  • Updated hash algorithm for completed silo from MD5 to SHA256
  • Updated OpenSSL to version 1.0.2g
  • Addressed CVE-2015-8035, upgraded Libxml to 2.9.3

Resolved Items:

  • Segfault occurs when starting the LCE server, indexer, and TASL demons due to an issue in the config library
  • LCE Server SYN Flooding
  • Event rule filter “+Text” not filtering as expected
  • LCE low priority queries execute slowly or not at all
  • LCE- NDB Indexer will not attempt to index gzipped silos
  • LCE and stats daemons not being shut down on reboot or shut down
  • LCE reindex_db_elements: ERROR: unable to translate type 254
  • LCE refuses to normalize usernames with inferred IPs
  • TASL daemon does not attempt to read .ndb.gz files

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.