Add a Tenable Log Correlation Engine Server

Note: Tenable Enclave Security does not support Tenable Log Correlation Engine.

Required User Role: Administrator

Tip: You can configure more than one Tenable Log Correlation Engine to work with Tenable Security Center.

Before you begin:

To add an Log Correlation Engine server to Tenable Security Center:

  1. Log in to Tenable Security Center via the user interface.

  2. In the left navigation, click Resources > Log Correlation Engines.

    The LCE Servers page appears.

  3. At the top of the table, click Add.

    The Add LCE Server window appears.

  4. Configure the General options, as described in Tenable Log Correlation Engines.

    1. In the Name box, type a name for the Log Correlation Engine server.
    2. In the Description box, type a description for the Log Correlation Engine server.
    3. In the Host box, type the hostname or IP address for the Log Correlation Engine server.
    4. In the Port box, view the default (1243) and modify, if necessary.
  5. (Optional) To allow Tenable Security Center to log in to the Log Correlation Engine server and retrieve vulnerability information:

    1. Enable Import Vulnerabilities.

      Note: If you use an Log Correlation Engine server with Tenable Security Center, Tenable Security Center counts the IP addresses associated with each imported instance against your license. For more information, see License Requirements.

    2. Select a Repository for the event vulnerability data.
    3. Type a Username and Password you want Tenable Security Center to use for access to the Log Correlation Engine server.
  6. Click Submit.

    Tenable Security Center saves your configuration.

  7. (Optional) If you enabled the Check Authentication option above, Tenable Security Center checks its ability to authenticate with the Log Correlation Engine server.

    • If authentication is successful, Tenable Security Center displays a message to acknowledge that fact.

    • If authentication fails, Tenable Security Center prompts you for credentials to the Log Correlation Engine server:

      1. Type a username and password.

      2. Click Push Key to initiate the transfer of the SSH Key.

        If the transfer is successful, Tenable Security Center displays a message to acknowledge that fact.

        Note: Tenable Security Center connections use ECDSA keys, but Log Correlation Engine connections use RSA keys. When you use the Push Key option, Tenable Security Center sends an RSA key. For more information about Tenable Security Center keys, see Keys Settings.