Log Correlation Engines
Tenable Log Correlation Engine (LCE) is a software module that aggregates, normalizes, correlates, and analyzes event log data from the myriad of devices within the infrastructure. LCE also has the ability to analyze logs for vulnerabilities.
Tenable.sc performs vulnerability, compliance, and event management, but without LCE integration it does not directly receive logs or IDS/IPS events. With LCE integration, LCE processes the events and passes the results to Tenable.sc.
LCE's close integration with Tenable.sc allows you to centralize log analysis and vulnerability management for a complete view of your organization’s security posture.
Note: If you add an LCE server to Tenable.sc and enable Import Vulnerabilities, LCE data counts against your Tenable.sc license. For more information, see License Requirements.
For more information, see Add a Log Correlation Engine Server.
If remote root or root equivalent user login is prohibited in your environment, you can add the LCE server using SSH key authentication. For more information, see Manual LCE Key Exchange.
For information about Tenable.sc-Log Correlation Engine communications encryption, see Encryption Strength.
Log Correlation Engine Options
| Option | Description |
|---|---|
|
Name |
Name for the integrated Log Correlation Engine. |
|
Description |
Descriptive text for the integrated Log Correlation Engine. |
|
Host |
IP address of the integrated Log Correlation Engine. |
|
Check Authentication |
Whether Tenable.sc checks the status of authentication between itself and the LCE server. |
|
Organizations |
Organizations that can access data from the integrated Log Correlation Engine. |
|
Repositories |
The repositories where you want Tenable.sc to store the imported LCE data. |
|
Port |
The port where the LCE reporter is listening on the LCE server. |
|
Username and Password |
The username and password you want Tenable.sc to use for authentication to the LCE server to retrieve vulnerability information. This user account must be able to make changes on the remote system to enable the SSH key exchange between Tenable.sc and LCE. The appropriate permissions level is typically root, root equivalent, or other high-level user permissions on the LCE system. Tenable.sc uses these credentials a single time to exchange SSH keys for secure communication between Tenable.sc and LCE. |