Prelude Hybrid IDS

Prelude is an agentless, universal, and hybrid security information and event management (SIEM) system, released primarily under a Proprietary software license and a version for evaluation released under the terms of the GPLv2.^[1][2]

Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license. Security events are normalized to an IDMEF format, allowing native support with almost all security related event from an IT equipment.

While a malicious user (or software) may be able to evade the detection of a single IDS (NIDS, HIDS, etc.), it becomes exponentially more difficult to get around the defenses when there are multiple protection mechanisms. Prelude comes with a large set of sensors, each of them monitoring different kind of events. Prelude permits alert collection to WAN scale, whether its scope covers a city, a country, a continent or the world.

Prelude claims that it is a SIEM system capable of inter-operating with all the systems available on the market.^[3] It is natively compatible with: AuditD, Nepenthes, NuFW, OSSEC, Pam, Samhain, Sancp, Snort, and Suricata but anyone can write its own sensors or utilize some of the 3rd party sensors that are available, given Prelude's opened APIs and librairies.

Prelude modules

Prelude is modular so it can be adapted to any architecture.

The major modules are :

• Manager, receives and save events
• LibPreludeDB, high speed database insertion module
• Correlator, event correlation module
• LML, Log Monitoring Lackey module
• Prewikka, the web Graphical User Interface (GUI)

Versions

Prelude is available in three versions:

• Prelude OSS, free, public and open source version of Prelude, for test and educational purposes
• Prelude Pro, scalable, professionally usable and high performance version of Prelude, for real-world environment
• Prelude Entreprise, fully scaled version, mainly for SOC usage

External links

• Official Website
• Prelude Wiki

References