Tenable Solutions
Log Management
The Tenable Log Correlation Engine (LCE) can store any log received via syslog or from one of our agents, which collect netflow, Windows events, application log files and many other types of sources. These logs are compressed in real time, often at compression ratios of 20:1 or greater.
Logs can be immediately searched for keywords, user names, IP addresses and a plethora of other terms. Log searches are stored with an independent checksum and can be re-launched with a single click. As logs are gathered, they are indexed for rapid searching. For example, a Tenable customer can gather logs from their internal DNS servers to search for evidence of malware performing lookups of known botnet and malicious websites.
Multiple instances of the Tenable Log Correlation Engine may be deployed for load-balanced log storage and search when centrally managed from the Tenable SecurityCenter console. All distributed queries are seamlessly performed, aggregated and reported to the user. The Log Correlation Engine is entirely self-sufficient and does not need an external database to store results.
Historic logs may also be uploaded to the Tenable Log Correlation Engine for automatic normalization and indexing.
Tenable's Unified Security Monitoring solution also ensures that logs originate from their established location. Organizations can leverage Tenable Nessus' ability to audit Unix and Windows configurations to ensure that logging is enabled and configured correctly.
