
Prelude SIEM (Intrusion Detection System)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Casier David (talk | contribs) at 10:17, 4 May 2016. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Prelude SIEM
Original author(s): Yoann Vandoorselaere
Developer(s): CS Group C-S
Initial release: 1998
Stable release: 1.1 / September 24, 2013
Written in: C, Python
Operating system: Linux, BSD, Windows
Type: SIEM
License: Proprietary software and GPLv2
Website: prelude-siem.com

Prelude is an agentless, universal, and hybrid security information and event management (SIEM) system, released primarily under a proprietary software license, with an evaluation version released under the terms of the GPLv2.[1][2]

Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license. Security events are normalized to the IDMEF format, allowing native support for almost all security-related events from IT equipment.

While a malicious user (or software) may be able to evade detection by a single IDS (NIDS, HIDS, etc.), it becomes exponentially more difficult to get around the defenses when multiple protection mechanisms are in place. Prelude comes with a large set of sensors, each monitoring a different kind of event. Prelude permits alert collection at WAN scale, whether its scope covers a city, a country, a continent or the world.
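To make the normalization and multi-sensor correlation described above concrete, here is an added example (not Prelude's own code) that parses a constructed IDMEF (RFC 4765) message carrying one NIDS alert and one HIDS alert, and flags targets reported by more than one sensor. Sensor ids, addresses and classification texts are made up for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
NS = {"idmef": "http://iana.org/idmef"}  # RFC 4765 namespace
# Constructed sample: a NIDS alert and a HIDS alert about the same target host (all values invented).
SAMPLE_ALERTS = """<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
  <Alert messageid="1">
    <Analyzer analyzerid="snort-nids" name="snort"/>
    <CreateTime>2016-05-04T10:00:00Z</CreateTime>
    <Source><Node><Address category="ipv4-addr"><address>203.0.113.5</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>192.0.2.10</address></Address></Node></Target>
    <Classification text="SSH brute-force attempt"/>
    <Assessment><Impact severity="medium"/></Assessment>
  </Alert>
  <Alert messageid="2">
    <Analyzer analyzerid="ossec-hids" name="ossec"/>
    <CreateTime>2016-05-04T10:00:30Z</CreateTime>
    <Target><Node><Address category="ipv4-addr"><address>192.0.2.10</address></Address></Node></Target>
    <Classification text="Multiple failed logins"/>
    <Assessment><Impact severity="low"/></Assessment>
  </Alert>
</IDMEF-Message>"""
def parse_idmef(xml_text):
    """Normalize each <Alert> in an IDMEF message into a flat dict."""
    root = ET.fromstring(xml_text)  # use defusedxml for untrusted input
    alerts = []
    for alert in root.findall("idmef:Alert", NS):
        def text(path):  # text of an optional child, or None when absent
            node = alert.find(path, NS)
            return node.text if node is not None else None
        def attr(path, name):  # attribute of an optional child, or None
            node = alert.find(path, NS)
            return node.get(name) if node is not None else None
        alerts.append({
            "id": alert.get("messageid"),
            "sensor": attr("idmef:Analyzer", "analyzerid"),
            "time": text("idmef:CreateTime"),
            "source": text("idmef:Source/idmef:Node/idmef:Address/idmef:address"),
            "target": text("idmef:Target/idmef:Node/idmef:Address/idmef:address"),
            "classification": attr("idmef:Classification", "text"),
            "severity": attr("idmef:Assessment/idmef:Impact", "severity"),
        })
    return alerts
def correlate_by_target(alerts, min_sensors=2):
    """{target: sorted sensor ids} for targets flagged by >= min_sensors distinct sensors."""
    by_target = defaultdict(set)
    for a in alerts:
        if a["target"] and a["sensor"]:
            by_target[a["target"]].add(a["sensor"])
    return {t: sorted(s) for t, s in by_target.items() if len(s) >= min_sensors}
```

A target that only one sensor reports is left out, which is the corroboration effect the paragraph describes: an event that slips past the network sensor still surfaces once the host sensor confirms it.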

Prelude claims to be a SIEM system capable of interoperating with all the systems available on the market.[3] It is natively compatible with AuditD, Nepenthes, NuFW, OSSEC, PAM, Samhain, Sancp, Snort, and Suricata, but anyone can write their own sensors or use one of the available third-party sensors, thanks to Prelude's open APIs and libraries.

Prelude modules

Prelude is modular so it can be adapted to any architecture.

The major modules are:

  • Manager, receives and saves events
  • LibPreludeDB, high-speed database insertion module
  • Correlator, event correlation module
  • LML, Log Monitoring Lackey module
  • Prewikka, the web graphical user interface (GUI)

Versions

Prelude is available in three versions:

  • Prelude OSS, the free, public and open source version of Prelude, for test and educational purposes
  • Prelude Pro, the scalable, professionally usable and high-performance version of Prelude, for real-world environments
  • Prelude Enterprise, the fully scaled version, mainly for SOC usage

References