PreludeIDS Technologies

Libprelude, the Prelude library, now compile and run under Win32 native!

Fri, 19 Sep 2008 19:02:00 +0200

The new Libprelude version 0.9.21 is compatible with the Windows operating system.

It allows connecting sensors from Windows systems, or to create your own Prelude sensors for this platform.

By installing libprelude on a Windows system, your Windows sensors will be able to send their events to a remote Prelude-Manager.

Reported events (Windows / Unix) will be correlated together, thanks to Prelude-Correlator, and visualized in the Prewikka interface.

Prelude-Correlator Beta1 release

Fri, 27 Jun 2008 13:28:00 +0200

PreludeIDS Technologies is proud to announce the first Prelude-Correlator beta release.

Prelude-Correlator serves to correlate, in real time, the multiple events received by Prelude. Several isolated alerts, generated from different sensors, can thus trigger a single correlation alert should the events be related. This correlation alert then appears within the Prewikka interface and indicates the potential target information via the set of correlation rules.

Signature creation with Prelude-Correlator is based on the powerful programming language Lua.

See the Correlation Engine page
Download Prelude-Correlator

The Mail Reporting plugin now open source!

Fri, 27 Jun 2008 13:34:00 +0200

The commercial extension Mail Reporting plugin is now open source! This functionality is now integrated to Prelude-Manager starting from version 0.9.13.

The Mail Reporting Plugin automatically sends emails containing a textual description of events reported to Prelude to a configured list of recipients. The body of the generated email can be the full event, or specific part of it by using a customized template.

Additionally, this plugin is optionally capable of querying the Prelude database in order to include information concerning older events tied to an incoming event.

Using the Mail Reporting Plugin in combination with Prelude-Manager filtering functionality, it is possible to generate email only on events matching specific criteria or threshold.

Download Prelude-Manager 0.9.13.

New prelude sensor: Auditd

Wed, 06 Feb 2008 12:29:00 +0100

Steve Grubb from Red Hat wrote the prelude plugin for Auditd, the SELinux daemon which logs policies violations.

The plugin can currently detect and message: Apps that terminate abnormally (gcc stack overflow/glibc FORTIFY_SOURCE/plain old segfault), SE Linux AVCs, Logins, MAX failed login attempts reached, MAX concurrent sessions reached. This is all done in real-time and not based on a cron job. The audit daemon is capable of being run directly from init if you wanted to do it that way.

The package, installation instructions are available at:
http://people.redhat.com/sgrubb/audit/.

If you run fedora core 8, you can try it easily by running:

yum --enablerepo=updates-testing install audispd-plugins

To do testing on Fedora rawhide (which will become Fedora 9), you will need to put selinux in permissive mode, "setenforce 0".

More information available in Steve�s auditd+prelude HOWTO.

New prelude sensor: Ossec

Fri, 10 Aug 2007 11:55:00 +0200

OSSEC HIDS is a host based intrusion detection system that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.

It is now able to communicate and use all the features of the Prelude framework. You can find more informations about this in the email that I sent on the mailing list here.

Please test and report bugs, so that the upcoming release will have a strong and rocking prelude support.

Prelude on Fedora

Mon, 22 Jan 2007 12:16:00 +0100

Prelude packages are now officially available for Fedora Extra (FC5, FC6, and upcoming FC7 - i386, x86_64, ppc architecture are supported). This long overdue addition allows to install the different parts of Prelude on RedHat systems.

Available packages:

libprelude
libpreludedb
prelude-lml
prelude-manager
prewikka

To install a package, use the "install" option with yum:

yum install [package-name]