Original author(s) Initial release 1998 Written in C, python | Developer(s) CS Group C-S Development status Stable | |
Stable release 1.1 / September 24, 2013; 3 years ago (2013-09-24) |
Prelude is an agentless, universal, and hybrid SIEM system, released primarily under a proprietary software license and a version for evaluation released under the terms of the GPLv2.
Contents
While a malicious user (or software) may be able to evade the detection of a single IDS (NIDS, HIDS, etc.), it becomes exponentially more difficult to get around the defenses when there are multiple protection mechanisms. Prelude comes with a large set of sensors, each of them monitoring different kind of events. Prelude permits alert collection to WAN scale, whether its scope covers a city, a country, a continent or the world.
Prelude claims that it is a SIEM system capable of inter-operating with all the systems available on the market. It is natively compatible with: AuditD, Nepenthes, NuFW, OSSEC, Pam, Samhain, Sancp, Snort, and Suricata but anyone can write its own sensors or use some of the 3rd party sensors available, given Prelude's open APIs and libraries.
Prelude-SIEM compound is a hybrid of two different heterogeneous detectors types :
History
Functions
Prelude collects, normalizes, sorts, aggregates, correlates and displays all security events regardless of the types of surveillance equipment. Beyond its capacity for processing of all types of event logs (system logs, syslog, flat files, etc.), Prelude is natively compatible with many anti-intrusion sensors.
Prelude main characteristics are the following:
Prelude modules
Prelude has been designed in a scalable way to simply adapt to any environment.
The open-source version is composed of the following main modules:
Versions
Prelude is available in three versions: