Tenable LCE Updates
http://www.nessus.org/
Log Correlation Engine Content UpdatesNessus Newshttp://www.nessus.org/images/RssLogo.jpg
http://www.nessus.org/
LCE File Integrity Check Polices
These settings can be used to configure your LCE clients to look for possible modifications to system binaries, libraries, DLLs and executables.
To read more, please visit the Log Correlation Engine area of the Discussion portal.
More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=300
2010-05-04T17:11:40-04:00Support for AS400 Logs via PowerTech
To gain access to this new library named as400_powertech.prm, please manually update your plugins at the LCE. If your LCE is configured to automatically update your plugins, this library may have already been installed.
Below is a link to the PowerTech company home page. More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=298
2010-05-04T08:46:46-04:00DNS Activity Monitoring
DNS analysis is supported in many types of DNS and web proxy logs including bind, squid, a wide variety of proxy routers/firewalls and Cisco ASA. Support is also included for DNS and web logs sniffed by version 3.2 of the Passive Vulnerability Scanner which will be released in April 2010.
More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=286
2010-03-29T14:13:54-04:00Realtime HTTP/FTP PVS Support
When these logs are sent to the Log Correlation Engine, they can be used for user tracking, botnet verification and searching for malware.
More detailed information about these new functions is available to Tenable LCE customers at the Tenable Discussion Portal.
More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=271
2009-12-22T11:12:02-05:00Support for Cisco ACE Logs
The library can be downloaded with the lce_update_plugins.pl tool or manually from this link. Manual downloads should ensure ownership of the file is set to user "lce" and should be placed in your LCE's plugins directory. More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=238
2009-07-21T16:54:41-04:00Support for Citrix VPN Logs
The URL for the library is: http://www.nessus.org/vpn_citrix_access.prm
To update your LCE, please use the lce_update_plugins.pl update script. More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=237
2009-07-09T15:41:05-04:00Process Accounting and Process Auditing with TASL program_accounting.tasl) which summarizes process execution events for Windows and Unix servers. The new TASL script tracks all Windows process event logs as well as Unix process accounting logs and produces hourly and daily summaries per server.
This makes it very easy to understand which programs have been executed on a server recently or historically. Once a program of interest has been identified, full log searches can be used to determine who and when these programs were executed.
To install the new TASL script, simply download it from the below link, install it into your plugins directory, update your plugins and then restart the Log Correlation Engine.
More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=229
2009-06-01T08:22:44-04:00Suoshin PHP Log ParsingSuoshin security enhancements. Suoshin blocks many SQL injection and other web application attacks.
If you make use of Suoshin in your environment, the web_php_suhosin.prm library can be downloaded to your Log Correlation Engine to parse their logs. All Suoshin events have been normalized to an event type of "access-denied".
More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=218
2009-03-17T13:06:00-04:00New Sonicwall and D-Link Firewall Log PRMs
These polices can be manually downloaded and added to your LCE /opt/lce/daemons/plugins directory, or your can use the lce_update_plugins.pl tool to perform a full update.
More info]]>
http://www.tenablesecurity.com/news/rssview.php?id=210
2009-02-27T14:31:20-05:00System Monitor TASL Script
Each LCE heartbeat message contains a snapshot of the system's existing CPU, memory and disk usage.
The TASL script includes some default levels for global alerting and these can be overridden by editing a file named system_monitor.conf in the local LCE plugins directory.
To install it on your LCE, simply add this TASL script to your plugins directory, optionally configure a system_monitor.conf file and then restart your LCE.