Initialize the Tenable Beat

Prerequisites

• The Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.

• Requires an API Key, obtained during the steps outlined in Configure the Tenable Portal.

• System Monitor version 7.24 or higher is installed.

• JSON Parsing is enabled. For more information, refer to Configure Beats for JSON Parsing.

• The following port is open:

Initialize the Beat

1. To confirm the Open Collector is running, run the following command:

   CODE

   ./lrctl status

   You should see the open_collector and metrics as shown in the following graphic:

   

   If the Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

2. In the Open Collector, run the following command:

   CODE

   ./lrctl tenablebeat start

3. Enter a unique identifier for the beat instance.

4. Enter the Access Key obtained during the steps outlined in Configure the Tenable Portal.

5. Enter the Secret Key obtained during the steps outlined in Configure the Tenable Portal.

6. Enter Number of BackDays data to be fetched, where the maximum value is 30 and the minimum value is 0:

7. Enter the interval in minutes “m” for the API call.

Ensure that you include “m” for minutes after the numeric value. For example, “6m”.

8. Enter the hostname or IP and Port Number of the Sysmon JSON Parser.

9. Press Enter.
   The beat starts successfully, and displays the following output: