Tenable's security information and event management (SIEM) solution leverages the log management capabilities of the Log Correlation Engine (LCE) to collect all logs, software activity, user events, and network traffic. It analyzes all data for correlated events and impact on security and compliance posture. Event context and threat-list intelligence about any system is provided by Tenable Nessus vulnerability and configuration scans and real-time monitoring with the Tenable Passive Vulnerability Scanner (PVS).
- Alerting - Configure and receive automatic alerts based on customized event thresholds.
- Event Correlation - Multiple forms of event correlation are available for all events, including statistical anomalies, associating IDS events with known vulnerabilities on the target host, and alerting on 'first time seen' events.
- Log Normalization - Normalize, correlate, and analyze user and network activity from log data generated by any device or application across the enterprise in a central portal.
- User Monitoring - Monitor user activity. Associate events such as a NetFlow record, IDS detection, firewall log entry, file access, system error, or login failure with specific users for easy reporting and insider threat detection.
- Full Log Indexing & Search - All logs are compressed and stored, whether they are normalized according to a rule or left raw. Using full-text search, you can rapidly search logs for keywords, user names, IP addresses, and many other terms. Log searches are stored with an independent checksum and can be re-launched at any time.
- NetFlow Analysis - Each instance of the Tenable LCE includes agents for many different platform technologies. They can collect NetFlow traffic logs from routers, switches, and other network devices.
- Malware Detection - The Tenable LCE Windows client monitors all processes running on Windows machines for malware processes, and can alert the security team if malware is discovered.
- Network Content Analysis - Analyze network traffic in real-time with Tenable PVS. It produces an accurate vulnerability report and a real-time forensic log of network events such as shared files, DNS lookups, and social network activity.
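The normalization, user association, 'first time seen' and threshold correlation, and full-text search capabilities described in the list above are sketched below as a small added example in Python. This is illustrative code written for this page, not Tenable LCE code or its rule format; the log lines, rule regexes, event type names and the three-failure threshold are all constructed assumptions.

```python
import hashlib
import re
from collections import Counter, defaultdict

# Constructed sample lines in a syslog-like shape (assumption: not real LCE or device output).
SAMPLE_LOGS = [
    "2024-03-01T08:00:01 fw01 DENY src=10.0.0.5 dst=203.0.113.9 dport=445 user=alice",
    "2024-03-01T08:00:05 sshd[211]: Failed password for bob from 10.0.0.7 port 51022 ssh2",
    "2024-03-01T08:00:06 sshd[211]: Failed password for bob from 10.0.0.7 port 51023 ssh2",
    "2024-03-01T08:00:07 sshd[211]: Failed password for bob from 10.0.0.7 port 51024 ssh2",
    "2024-03-01T08:00:08 sshd[211]: Failed password for bob from 10.0.0.7 port 51025 ssh2",
    "2024-03-01T08:01:00 sshd[212]: Accepted password for bob from 10.0.0.7 port 51026 ssh2",
    "2024-03-01T08:02:00 fw01 DENY src=10.0.0.5 dst=203.0.113.9 dport=445 user=alice",
    "2024-03-01T08:03:00 ids01 ALERT sig=EXAMPLE-SIG-1 src=10.0.0.7 dst=10.0.0.20 user=bob",
    "2024-03-01T08:04:00 app01 something that no rule understands",
]

# Normalization rules (hypothetical): each maps a raw line to a named event type plus fields.
RULES = [
    ("firewall_deny", re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) DENY src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) user=(?P<user>\S+)$")),
    ("login_failure", re.compile(
        r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("login_success", re.compile(
        r"^(?P<ts>\S+) sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("ids_alert", re.compile(
        r"^(?P<ts>\S+) (?P<host>\S+) ALERT sig=(?P<sig>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+)$")),
]


def normalize(line):
    """Apply the first matching rule; unmatched lines are kept as 'raw' so nothing is dropped."""
    for event_type, pattern in RULES:
        m = pattern.match(line)
        if m:
            event = {"type": event_type, "raw": line, "user": None, "src": None}
            event.update(m.groupdict())
            return event
    return {"type": "raw", "raw": line, "user": None, "src": None}


def correlate(lines, failure_threshold=3):
    """Normalize lines, then emit 'first_time_seen' and threshold alerts and a per-user timeline.

    The first-time-seen key is (event type, user, source IP); the threshold rule fires once when
    a (user, source) pair reaches failure_threshold login failures. Both are assumptions for the demo.
    """
    events = [normalize(line) for line in lines]
    alerts = []
    seen_keys = set()
    failures = Counter()
    timeline = defaultdict(list)
    for e in events:
        key = (e["type"], e["user"], e["src"])
        if e["type"] != "raw" and key not in seen_keys:
            seen_keys.add(key)
            alerts.append(("first_time_seen", e["type"], e["user"], e["src"]))
        if e["type"] == "login_failure":
            failures[(e["user"], e["src"])] += 1
            if failures[(e["user"], e["src"])] == failure_threshold:
                alerts.append(("threshold", "login_failure", e["user"], e["src"]))
        if e["user"]:
            timeline[e["user"]].append(e["type"])
    return events, alerts, dict(timeline)


def search(events, term):
    """Case-insensitive full-text search over raw lines; the checksum lets a re-run be compared
    against a stored result set (the checksum-over-results design is an assumption of this demo)."""
    hits = [e["raw"] for e in events if term.lower() in e["raw"].lower()]
    checksum = hashlib.sha256("\n".join(hits).encode()).hexdigest()
    return hits, checksum


if __name__ == "__main__":
    evs, alerts, timeline = correlate(SAMPLE_LOGS)
    for a in alerts:
        print(a)
    print(timeline)
    print(search(evs, "bob")[0])
```

Running the block prints five alerts: four first-time-seen alerts (one per new event type/user/source combination) and one threshold alert when bob's third failed login from 10.0.0.7 is seen. The unparsed line stays searchable as a raw event but generates no alert, which mirrors the point that raw and normalized logs are both retained.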