Event Monitoring

Tenable Log Correlation Engine & Splunk Integration

by Paul Asadoorian
June 26, 2009

Setting up the Log Correlation Engine & Splunk

Tenable has recently released a new Log Correlation Engine (LCE) client that allows you to collect log data from Splunk installations to send to LCE, Tenable’s solution for log storage, normalization and correlation. If you have instances of Splunk in your environment, it’s a simple process to configure the integration. Below is an overview of the traffic flow:

Log Correlation Engine 2.0.3 Released

by Ron Gula
October 8, 2007

Tenable has recently released version 2.0.3 of the Log Correlation Engine (LCE). This blog entry will highlight the new features as well as recent enhancements to the log parsing rule sets and the event correlation algorithms.

Daemon and Agent Enhancements

The main log processing daemon has enhanced performance. Several optimizations were added which drastically increase the overall events per second throughput. LCE customers should notice substantially lower CPU utilization as well.

Finding Low Frequency Events

by Ron Gula
April 23, 2007

Very often when I speak with Tenable customers about performing IDS or Event analysis, I ask them if they use the Time Distribution tool under the Security Center. This tool is used to identify any combination of low frequency events for any query or time period. It works with raw IDS events under the Security Center as well as normalized log or network events under the Log Correlation Engine.

Log Correlation Engine Rules Update

by Ron Gula
March 25, 2007

Several new PRM libraries and one TASL script have been updated and are available for download and use with the Log Correlation Engine. The list below shows what has changed. Each PRM or TASL links to the URL for downloading.