Initialize the Tenable Beat

Prerequisites

Direction

Port

Protocol

Source

Outbound

443

HTTPS

Tenable Beat

Initialize the Beat via the Web Console (Recommended)

  1. Ensure that the Open Collector Connection to the SIEM (WebUI) setup has been completed.

  2. Ensure that the System Monitor Agent to which you intend to send these logs has been Configured for JSON Parsing.

Use either the Enable JSON Parsing on System Monitor Agents or the Enable JSON Parsing for an Existing System Monitor Agent sections at the above link to configure the System Monitor Agent for JSON Parsing.

  1. Follow the steps outlined in Add a Beat in the Web Console to create the Beat via the Web UI.

Initialize the Beat via Command Line (Legacy)

  1. Start the beat:

    ./lrctl tenablebeat start
    
  2. Use the Up and Down Arrow keys to select New tenablebeat instance from the list, and then press Enter.

  3. Enter a unique identifier for the beat instance.

  4. Enter the Access Key obtained during the steps outlined in Configure the Tenable Portal.

  5. Enter the Secret Key obtained during the steps outlined in Configure the Tenable Portal.

  6. Enter Number of BackDays data to be fetched, where the maximum value is 30 and the minimum value is 0:

  7. Enter the interval in minutes “m” for the API call.

Ensure that you include “m” for minutes after the numeric value. For example, “6m”.

  1. Enter the hostname or IP address of the System Monitor Agent that has been Configured for JSON Parsing, and then press Enter.

Use either the Enable JSON Parsing on System Monitor Agents or the Enable JSON Parsing for an Existing System Monitor Agent sections at the above link to configure the System Monitor Agent for JSON Parsing.

  1. Enter the port on which the System Monitor Agent is configured to listen for JSON data (the default is 5044), and then press Enter.
    The tenablebeat service started message appears.

  2. Check the status of the service to confirm that it’s running:

    ./lrctl tenablebeat status
    
  3. (Optional) Edit the tenablebeat configuration to update the values set above if needed. Ensure that you have all the needed information for each step available as you will need to re-enter it:

    ./lrctl tenablebeat config edit