Add a Log Correlation Engine Server

Required User Role: Administrator

Tip: You can configure more than one Log Correlation Engine to work with Tenable.sc.

Before you begin:

To add an LCE server to Tenable.sc:

  1. Log in to Tenable.sc via the user interface.

  2. Click Resources > Log Correlation Engines.

    The LCE Servers page appears.

  3. Click Add.

    The Add LCE Server window appears.

  4. Configure the General options, as described in Log Correlation Engines.

    1. In the Name box, type a name for the LCE server.
    2. In the Description box, type a description for the LCE server.
    3. In the Host box, type the hostname or IP address for the LCE server.
    4. In the Port box, view the default (1243) and modify, if necessary.
  5. (Optional) To allow Tenable.sc to log in to the LCE server and retrieve vulnerability information:

    1. Enable Import Vulnerabilities.

      Note: If you use an LCE server with Tenable.sc, Tenable.sc counts the IP addresses associated with each imported instance against your license. For more information, see License Requirements.

    2. Select a Repository for the event vulnerability data.
    3. Type a Username and Password you want Tenable.sc to use for access to the LCE server.
  6. Click Submit.

    Tenable.sc saves your configuration.

  7. (Optional) If you enabled the Check Authentication option above, Tenable.sc checks its ability to authenticate with the LCE server.

    • If authentication is successful, Tenable.sc displays a message to acknowledge that fact.

    • If authentication fails, Tenable.sc prompts you for credentials to the LCE server:

      1. Type a username and password.

      2. Click Push Key to initiate the transfer of the SSH Key.

        If the transfer is successful, Tenable.sc displays a message to acknowledge that fact.