Log Correlation Engine Features

Broad Device Type Support

Tenable Log Correlation Engine stores, compresses and analyzes any type of ASCII log generated by thousands of network devices and applications. The table below includes supported platforms. New devices are continuously added for broad network coverage.

Anomaly Detection

  • Arbor
  • Tenable Log Correlation Engine anomalies
  • Stealthwatch

Applications

  • Asterisk
  • Arpwatch
  • Citrix
  • Dovecot
  • Exim
  • IMAP
  • IRCd
  • Microsoft Exchange
  • ncFTP
  • Nessus
  • OpenSSH
  • Pointsec
  • POP
  • Postfix
  • proFTP
  • Pure FTP
  • Qpopper
  • Sendmail
  • all Tenable Products
  • UPS
  • wu-FTP
  • wu-IMAP
  • Xpient credit card transaction processing

Audit Trails

  • Auditing of all system and user commands on Windows, Linux, FreeBSD, OS X and Solaris is supported by all Tenable Log Correlation Engine clients.
  • Oracle Audit Trails

Authentication and Network Access

  • BlueSocket
  • Cisco ACS
  • Cisco ISE
  • Cisco NAC
  • Entrust IdentityGuard
  • ForeScout CounterACT
  • Microsoft ISA
  • RSA SecurID
  • Steel Belted Radius
  • Thycotic Secret Server

Databases

  • Microsoft SQL Database and Audit Logs
  • MySQL
  • Oracle Database and Audit Logs
  • Postgres
  • sniffed SQL transactions observed by the Tenable Passive Vulnerability Scanner

DNS

  • Bind
  • all supported web proxies
  • sniffed DNS lookups observed by the Passive Vulnerability Scanner

File Integrity

  • Honeycomb Technologies
  • Tenable Log Correlation Engine Agents for Windows and Unix
  • Tripwire

Firewalls & IPS

  • Adtran
  • Arkoon
  • Astaro
  • Checkpoint
  • Cisco ASA
  • Cisco PIX
  • CyberGuard
  • D-Link
  • FireEye
  • Fortigate
  • Fortinet
  • F5 Big IP Application Firewall
  • Gauntlet
  • Ipchains
  • Ipfilter
  • Iptables
  • Juniper
  • vShieldEdge
  • Microsoft ISA
  • Kerio
  • NetGear
  • OpenBSD's pf
  • Palo Alto
  • PortSentry
  • SecureSphere Database Firewall
  • SideWinder
  • SonicWall
  • Stonegate
  • Sygate
  • Symantec
  • WebSense
  • Windows XP, Vista, etc.
  • ZoneAlarm

Honey Pots

  • ForeScout
  • Honeyd
  • La Brea
  • Multipot
  • Nepenthes
  • Symantec Decoy Server
  • WebLabyrinth

Intrusion Detection/Prevention

  • AirMagnet
  • Bro
  • Cisco IDS/IPS
  • Dragon
  • IntruShield
  • Juniper
  • Checkpoint
  • Portaledge
  • Proventia
  • Snort
  • Sourcefire
  • Suricata
  • TippingPoint
  • Toplayer IPS

Malware/Virus/Integrity

  • Bit9
  • ClamAV
  • eTrust
  • FireEye
  • McAfee
  • Microsoft ForeFront
  • Sophos
  • Symantec
  • Trend Micro
  • Windows Defender

Network Devices

  • 3Com
  • Apple Airport
  • Buffalo
  • Cisco 3000 VPN Concentrator
  • Cisco ACE
  • Cisco Aironet
  • Cisco IOS
  • Citrix Access Gateway
  • DHCP leases
  • D-Link
  • Enterasys
  • Extreme
  • Foundry
  • Juniper

Network Monitors

  • McAfee DLP
  • RNA
  • Tenable NetFlow Monitor (v5 and v9)
  • Tenable Network Monitor
  • forensic logging from the Tenable Passive Vulnerability Scanner

Operating Systems

  • AIX
  • AS400 (via PowerTech)
  • FreeBSD
  • IBM z/OS (via Type80 SMA_RT syslogs)
  • Linux (Red Hat, Fedora, CentOS, SuSE)
  • Mac OS X
  • Solaris
  • Windows (NT, 2000, XP, 2003, Vista, 2008, 7)

Patch Management Systems

  • Microsoft Windows Update Service (WSUS)

Spam

  • Amavis
  • Barracuda
  • MailScanner

Web Servers

  • Apache 1.x/2.x
  • Microsoft IIS
  • Oracle HTTP Server
  • PHP Suhosin extensions
  • W3C/NCSA compatible log formats

Web Proxies

  • BlueCoat
  • Internet Content Adaptation Protocol (ICAP)
  • McAfee Web Gateway
  • Squid
  • Sniffed web browsing sessions observed by the Tenable Passive Vulnerability Scanner

Centralized Management

  • Log Correlation Engine client administration and management allow for efficient deployments and real-time configuration modifications.
  • Integrate the Log Correlation Engine with SecurityCenter, Nessus®, and Passive Vulnerability Scanner to implement a continuous security and compliance monitoring architecture for real-time analytics and reporting.
  • Store, compress, and search logs from thousands of network devices and applications, and save specific searches as tamper-proof forensic evidence.

Flexible, Scalable Deployment

  • Intelligent load balancing and redundancy mechanisms enable "log mirroring" and high-availability deployments.
  • Logs can be stored locally in 1TB, 5TB and 10TB data stores, on a dedicated syslog server, or a SAN/NAS for unlimited data retention.
  • Server-client architecture allows thousands of Log Correlation Engine clients to operate from a single Log Correlation Engine server.
  • Data may be rotated and archived or saved in a compressed format, which may be searched from a Log Correlation Engine interface or SecurityCenter.

Powerful Analytics & Reporting

  • Statistical profiling of each device enables changes in expected behavior to be identified.
  • Automatic alerting notifies you when abnormal activity is detected, such as increases in event types, increased connections, or a dramatic change in client or server behavior.
  • IDS Correlation notifies users if vulnerabilities are actively being attacked, which greatly improves situational awareness.
  • Customizable detection provides the ability to write your own parsers for events.

Getting Started

Deploy Tenable Log Correlation Engine quickly as part of Tenable's QuickStart for Log/SIEM Management service. Experienced engineers will implement Tenable best practices for enterprise deployment and scanning throughout the system.

QuickStart for Log/SIEM Management

  • Install and configure the Log Correlation Engine. Tenable’s Log Correlation Engine will be installed and configured based on requirements captured during the solution design.
  • Implement best practices. Experienced Tenable engineers will implement and orient you to Tenable best practices for enterprise deployment, log collection, and event alerting throughout the system.
  • Validate operational capabilities. Log Correlation Engine will be tested end-to-end for logging and other operational capabilities.

To learn more about pricing or to get a quote, please contact us.
