IBM Support

Tenable SecurityCenter scan integrations for QRadar do not return IPs or vulnerabilities from completed scans

Troubleshooting


Problem

Tenable SecurityCenter 5.4.x scans complete successfully, but QRadar does not collect any data from the scan result. The logs display a Log Correlation Engine (LCE) error: Retrieving user LCEs during Query validate failed.

Symptom

Scans in QRadar complete according to the user interface; however, both the hover text in the user interface and the vis service output in /var/log/qradar.log report:
Status:  [Complete] Scan Complete - Processed[0]unique IP addresses
containing [0] ports and [0] vulnerabilities.

Document Location

Worldwide



This document contains the abstract of a technical article that is available to authorized users after they log in.

Document Information

Modified date:
07 January 2021

UID

ibm10883862