TOC & Recently Viewed

Recently Viewed Topics

Log Correlation Engines

Tenable’s Log Correlation Engine (LCE) is a software module that aggregates, normalizes, correlates, and analyzes event log data from the myriad of devices within the infrastructure. LCE also has the ability to analyze logs for vulnerabilities.

SecurityCenter performs vulnerability, compliance, and event management, but without LCE integration it does not directly receive logs or IDS/IPS events. With LCE integration, LCE processes the events and passes the results to SecurityCenter.

LCE's close integration with SecurityCenter allows you to centralize log analysis and vulnerability management for a complete view of your organization’s security posture.

Note: If you add an LCE server to SecurityCenter and enable Import Vulnerabilities, LCE data counts against your SecurityCenter license. For more information, see Licenses.

For more information, see Add a Log Correlation Engine Server.

Option Description

Name

Name for the integrated Log Correlation Engine.

Description

Descriptive text for the integrated Log Correlation Engine.

Host

IP address of the integrated Log Correlation Engine.

Check Authentication

Whether SecurityCenter checks the status of authentication between itself and the LCE server.

Organizations

Organizations that can access data from the integrated Log Correlation Engine.

Repositories

The repositories where you want SecurityCenter to store the imported LCE data.

Port

The port where the LCE reporter is listening on the LCE server.

Username and Password

The username and Password you want SecurityCenter to use for authentication to the LCE server to retrieve vulnerability information.

This user account must be able to make changes on the remote system to enable the SSH key exchange between SecurityCenter and LCE. The appropriate permissions level is typically root, root equivalent, or other high-level user permissions on the LCE system. SecurityCenter uses these credentials a single time to exchange SSH keys for secure communication between SecurityCenter and LCE.

Note: If remote root or root equivalent user login is prohibited in your environment, refer to the LCE key exchange section for instructions on how to manually configure the LCE server using SSH key authentication.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.