The log correlation engine allows analysis from network devices such as firewalls, routers and servers--basically as a SIM/SEM tool. It provides data that can be used in incident response and detects impending and ongoing attacks.
All the data is collected and displayed within the console, where you can drill down in a vulnerability to see all the hosts with the issue and view the IP to see the data for that host. The data also provides relevant information, such as mitigation solutions and external resources like CVE numbers. The proprietary ticketing system is also controlled through this interface, so you can open and track remediation orders.
The Passive Vulnerability scanner and Log Correlation Engine are purchased separately, but Security Center is still a strong tool with just the Nessus scanner. The complete package, however, will give your organization one of the more comprehensive VM solutions available.
This was first published in July 2006