Log Correlation Engines
Tenable’s Log Correlation Engine (LCE) is a software module that aggregates, normalizes, correlates, and analyzes event log data from the myriad of devices within the infrastructure. LCE also has the ability to analyze logs for vulnerabilities.
SecurityCenter performs vulnerability, compliance, and event management, but without LCE integration it does not directly receive logs or IDS/IPS events. With LCE integration, LCE processes the events and passes the results to SecurityCenter.
LCE's close integration with SecurityCenter allows you to centralize log analysis and vulnerability management for a complete view of your organization’s security posture.
Tip: You can configure more than one Log Correlation Engine to work with SecurityCenter.
To configure LCE servers in SecurityCenter:
Click Resources > Log Correlation Engines.
The LCE Servers page appears.
Click Add. The Add LCE Server window appears.
Configure the General options, as follows:
- Name for the integrated Log Correlation Engine.
- Descriptive text for the integrated Log Correlation Engine.
- IP address of the integrated Log Correlation Engine.
- Whether SecurityCenter checks the status of authentication between itself and the LCE server.
- Organizations that can access data from the integrated Log Correlation Engine.
(Optional) To allow SecurityCenter to log in to the LCE server and retrieve vulnerability information:
- Enable Import Vulnerabilities. Additional options appear.
- Configure the following options:
  - The repositories where you want SecurityCenter to store the imported LCE data.
  - The port where the LCE reporter is listening on the LCE server.
  - The username SecurityCenter uses to authenticate to the LCE server to retrieve vulnerability information.
  - The password SecurityCenter uses to authenticate to the LCE server to retrieve vulnerability information.
Note: These credentials are typically different from the username and password you use to configure the SSH key exchange in Step 6.
(Optional) If you enabled the Check Authentication option above, SecurityCenter checks its ability to authenticate with the LCE server.
If authentication is successful, SecurityCenter displays a message to acknowledge that fact.
If authentication fails, SecurityCenter prompts you for credentials to the LCE server:
Type a username and password.
This user account must be able to make changes on the remote system to enable the SSH key exchange between SecurityCenter and LCE. The appropriate permissions level is typically root, root equivalent, or other high-level user permissions on the LCE system. SecurityCenter uses these credentials a single time to exchange SSH keys for secure communication between SecurityCenter and LCE.
Note: If remote root or root equivalent user login is prohibited in your environment, refer to the LCE key exchange section for instructions on how to manually configure the LCE server using SSH key authentication.
Click Push Key to initiate the transfer of the SSH Key.
If the transfer is successful, SecurityCenter displays a message to acknowledge that fact.