Initialize the Tenable Beat

Prerequisites

• The Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

• Requires an API Key, obtained during the steps outlined in Configure the Tenable Portal.

• System Monitor version 7.24 or higher is installed.

• JSON Parsing is enabled. For more information, refer to Configure Beats for JSON Parsing.

• The following port is open:

Initialize the Beat via the Web Console (Recommended)

1. Ensure that the Open Collector Connection to the SIEM (WebUI) setup has been completed.

2. Ensure that the System Monitor Agent to which you intend to send these logs has been Configured for JSON Parsing.

3. Follow the steps outlined in Add a Beat in the Web Console to create the Beat via the Web UI.

Initialize the Beat via Command Line (Legacy)

1. To confirm the Open Collector is running, run the following command:

   ./lrctl status
   

   You should see the open_collector and metrics versions.
   If the Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

2. In the Open Collector, run the following command:

   ./lrctl tenablebeat start
   

3. Enter a unique identifier for the beat instance.

4. Enter the Access Key obtained during the steps outlined in Configure the Tenable Portal.

5. Enter the Secret Key obtained during the steps outlined in Configure the Tenable Portal.

6. Enter Number of BackDays data to be fetched, where the maximum value is 30 and the minimum value is 0:

7. Enter the interval in minutes “m” for the API call.

8. Enter the hostname or IP and Port Number of the Sysmon JSON Parser.

9. Press Enter.
   The beat starts successfully.