Tenable Log Correlation Engines

Tenable Tenable Log Correlation Engine (Log Correlation Engine) is a software module that aggregates, normalizes, correlates, and analyzes event log data from the myriad of devices within the infrastructure. Log Correlation Engine also has the ability to analyze logs for vulnerabilities.

Tenable Security Center performs vulnerability, compliance, and event management, but without Log Correlation Engine integration it does not directly receive logs or IDS/IPS events. With Log Correlation Engine integration, Log Correlation Engine processes the events and passes the results to Tenable Security Center.

Log Correlation Engine's close integration with Tenable Security Center allows you to centralize log analysis and vulnerability management for a complete view of your organization’s security posture.

Note: If you add an Log Correlation Engine server to Tenable Security Center and enable Import Vulnerabilities, Log Correlation Engine data counts against your Tenable Security Center license. For more information, see License Requirements.

For more information, see Add a Tenable Log Correlation Engine Server.

If remote root or root equivalent user login is prohibited in your environment, you can add the Log Correlation Engine server using SSH key authentication. For more information, see Manual Log Correlation Engine Key Exchange.

For information about Tenable Security Center-Tenable Log Correlation Engine communications encryption, see Encryption Strength.

Tenable Log Correlation Engine Options

Option Description

Name

Name for the integrated Tenable Log Correlation Engine.

Description

Descriptive text for the integrated Tenable Log Correlation Engine.

Host

IP address of the integrated Tenable Log Correlation Engine.

Check Authentication

Whether Tenable Security Center checks the status of authentication between itself and the Log Correlation Engine server.

Organizations

Organizations that can access data from the integrated Tenable Log Correlation Engine.

Repositories

The repositories where you want Tenable Security Center to store the imported Log Correlation Engine data.

Port

The port where the Log Correlation Engine reporter is listening on the Log Correlation Engine server.

Username and Password

The username and password you want Tenable Security Center to use for authentication to the Log Correlation Engine server to retrieve vulnerability information.

This user account must be able to make changes on the remote system to enable the SSH key exchange between Tenable Security Center and Log Correlation Engine. The appropriate permissions level is typically root, root equivalent, or other high-level user permissions on the Log Correlation Engine system. Tenable Security Center uses these credentials a single time to exchange SSH keys for secure communication between Tenable Security Center and Log Correlation Engine.