Prelude Components

Prewikka Interface

Prewikka is the graphical front-end analysis console for the Prelude Universal SIM. It provides the features analysts need to review and investigate events; to learn more about Prewikka functionality, see the Prewikka(Pro) Interface page. Prewikka also gives access to external tools such as whois and traceroute.

 

Prelude Manager

Prelude-Manager is a high-availability server that accepts secured connections from distributed sensors and/or other Managers and saves the received events to a medium specified by the user (database, log file, mail, etc.). The server schedules processing and assigns priorities according to the severity and the source of the alerts.

The Prelude Manager is a concentrator capable of handling a large number of connections and processing large volumes of events. It uses per-client scheduling queues so that events are processed by severity, fairly across clients: a single sensor flooding the Manager with low-severity events cannot delay a high-severity alert arriving from another sensor.

Access to the Prelude-Manager Technical Documentation on the Trac
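The following is an added illustration of the scheduling behaviour described above, not Prelude-Manager's own code: one queue per connected client, highest severity first within a client, and round-robin across clients. Client names (lml-web, lml-ssh) and the events are constructed, and a plain FIFO is included for comparison.

```python
"""Per-client, severity-ordered fair scheduling (illustration).

Added example, not Prelude-Manager's own code: it models one queue per
connected client, highest severity first within a client, round-robin
across clients. Client names and events are constructed.
"""
import heapq
import itertools
from collections import OrderedDict

# IDMEF impact severities (RFC 4765), most urgent first.
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


class FairSeverityScheduler:
    def __init__(self):
        # client id -> heap of (severity rank, arrival sequence, event)
        self._queues = OrderedDict()
        # Global arrival counter: FIFO among events of equal severity.
        self._seq = itertools.count()

    def submit(self, client, severity, event):
        heap = self._queues.setdefault(client, [])
        heapq.heappush(heap, (SEVERITY_RANK[severity], next(self._seq), event))

    def pending(self):
        return sum(len(h) for h in self._queues.values())

    def drain(self):
        """Return [(client, event), ...] in processing order.

        Each round takes exactly one event from every client that still has
        work, so a flood from one sensor cannot starve the others; within a
        client the most severe event is taken first.
        """
        order = []
        while self._queues:
            for client in list(self._queues):
                heap = self._queues[client]
                _, _, event = heapq.heappop(heap)
                order.append((client, event))
                if not heap:
                    del self._queues[client]
        return order


def fifo_order(submissions):
    """Naive single FIFO, for comparison: position = arrival order."""
    return [(client, event) for client, _sev, event in submissions]


def demo():
    # Constructed load: a noisy web-log sensor floods the manager with
    # low-severity events, then a quiet ssh sensor raises one high alert.
    submissions = [("lml-web", "low", f"web-{i}") for i in range(4)]
    submissions += [("lml-ssh", "low", "ssh-probe"),
                    ("lml-ssh", "high", "ssh-root-login")]
    sched = FairSeverityScheduler()
    for client, severity, event in submissions:
        sched.submit(client, severity, event)
    return sched.drain(), fifo_order(submissions)


if __name__ == "__main__":
    fair, fifo = demo()
    print("fair :", [e for _, e in fair])
    print("fifo :", [e for _, e in fifo])
```

With a single FIFO the high-severity ssh alert would be processed sixth, behind the web flood; with per-client queues it is the second event out, while the web sensor's own events still leave in arrival order.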

 

Libprelude

Libprelude is the library that secures the connections between all sensors and the Prelude Manager. It provides an Application Programming Interface (API) for communicating with Prelude sub-systems, supplies the functionality needed to generate and emit IDMEF events, and automatically saves and re-transmits data when one of the components of the system is temporarily unavailable.

Libprelude also makes it easy for third-party software to be made "Prelude aware" (able to communicate with Prelude components). The library provides the common features needed by every sensor.
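The store-and-forward behaviour described above (saving events locally while the Manager is unreachable and re-transmitting them afterwards) is the kind of failure handling a sensor library must get right. The following is an added illustration, not libprelude's code: FlakyManagerLink, SpoolingSender and the alert messages are this example's own constructions. Events are persisted atomically before any send attempt, replayed oldest-first, and only removed from the spool once the link has accepted them.

```python
"""Store-and-forward spooling in front of a flaky manager link (illustration).

Added example, not libprelude's own code: events are persisted locally
before any send attempt, held while the manager is unreachable, and
replayed in order once the link is back. FlakyManagerLink and
SpoolingSender are this example's own names.
"""
import json
import os
import tempfile


class TransportDown(Exception):
    """Raised by the link while the manager cannot be reached."""


class FlakyManagerLink:
    """Stand-in for the connection to a Prelude-Manager: refuses the first
    `outages` sends, then accepts everything."""

    def __init__(self, outages):
        self.outages = outages
        self.delivered = []

    def send(self, message):
        if self.outages > 0:
            self.outages -= 1
            raise TransportDown("manager unreachable")
        self.delivered.append(message)


class SpoolingSender:
    def __init__(self, link, spool_dir):
        self.link = link
        self.spool_dir = spool_dir
        self._counter = 0

    def spooled(self):
        # Zero-padded names sort lexically in arrival order; .tmp files are
        # half-written and must never be replayed.
        return sorted(f for f in os.listdir(self.spool_dir) if f.endswith(".json"))

    def send(self, message):
        # Persist first, atomically, so a crash between "accepted from the
        # sensor" and "delivered to the manager" cannot lose the event.
        self._counter += 1
        path = os.path.join(self.spool_dir, f"{self._counter:08d}.json")
        tmp = path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(message, fh)
        os.replace(tmp, path)
        return self.flush()

    def flush(self):
        """Replay the spool oldest-first; stop at the first failure so order
        is preserved. Returns the number of events delivered."""
        sent = 0
        for name in self.spooled():
            path = os.path.join(self.spool_dir, name)
            with open(path) as fh:
                message = json.load(fh)
            try:
                self.link.send(message)
            except TransportDown:
                break
            os.unlink(path)  # only after the manager accepted it
            sent += 1
        return sent


def alert(i):
    # Constructed IDMEF-style message (flattened paths, as a sensor would fill them).
    return {"alert.messageid": f"m{i}",
            "alert.classification.text": "Remote Login Failed",
            "alert.assessment.impact.severity": "medium"}


def demo():
    spool = tempfile.mkdtemp(prefix="spool-")
    sender = SpoolingSender(FlakyManagerLink(outages=2), spool)
    per_call = [sender.send(alert(i)) for i in (1, 2, 3)]
    return {"per_call": per_call,
            "delivered": [m["alert.messageid"] for m in sender.link.delivered],
            "left": len(sender.spooled())}


if __name__ == "__main__":
    print(demo())
```

In the demo the first two sends find the manager down, so nothing leaves the spool; the third send succeeds and drains all three events in their original order, leaving the spool empty.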

 

LibpreludeDB

The PreludeDB library provides an abstraction layer over the type and format of the database used to store IDMEF alerts. It lets developers use the Prelude IDMEF database easily and efficiently without writing SQL, and access it independently of the underlying database type/format.

 

Prelude-LML

Prelude-LML is a log analyser that lets Prelude collect and analyse information from all kinds of applications emitting logs or syslog messages, detect suspicious activity, and transform it into Prelude IDMEF alerts. Prelude-LML handles events generated by a large set of applications; see the Compatibility page to learn more.

Access to the Prelude-LML Technical Documentation on the Trac
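The following is an added illustration of the log-to-IDMEF transformation described above, not Prelude-LML's own code or rule syntax. Each rule pairs a regular expression over the syslog message with IDMEF paths whose values may reference capture groups ($1, $2, ...), which is the approach LML's rule files take; the rule table, the path set and the sample log lines (RFC 5737 test addresses) are constructed for the example.

```python
"""Turning syslog lines into IDMEF-shaped alerts with regex rules (illustration).

Added example, not Prelude-LML's own code or rule syntax: each rule pairs a
regex over the syslog message with IDMEF paths whose values may reference
capture groups ($1, $2 ...). The rule table and sample log are constructed.
"""
import re

SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

RULES = [
    {   # ssh password failure; the "invalid user" prefix is optional
        "regex": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) "
                            r"from (\S+) port (\d+)"),
        "idmef": {
            "alert.classification.text": "Remote Login Failed",
            "alert.assessment.impact.severity": "medium",
            "alert.assessment.impact.completion": "failed",
            "alert.assessment.impact.type": "user",
            "alert.target(0).user.user_id(0).name": "$1",
            "alert.source(0).node.address(0).address": "$2",
            "alert.source(0).service.port": "$3",
        },
    },
    {   # ssh success; keep the authentication method as additional data
        "regex": re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port (\d+)"),
        "idmef": {
            "alert.classification.text": "Remote Login",
            "alert.assessment.impact.severity": "low",
            "alert.assessment.impact.completion": "succeeded",
            "alert.target(0).user.user_id(0).name": "$2",
            "alert.source(0).node.address(0).address": "$3",
            "alert.source(0).service.port": "$4",
            "alert.additional_data(0).meaning": "authentication method",
            "alert.additional_data(0).data": "$1",
        },
    },
]

_GROUP_REF = re.compile(r"\$(\d+)")


def _fill(template, match):
    """Substitute $N references with the regex capture groups."""
    return {path: _GROUP_REF.sub(lambda g: match.group(int(g.group(1))), value)
            for path, value in template.items()}


def analyse(line):
    """Return an IDMEF-path dict for the first matching rule, else None."""
    parsed = SYSLOG.match(line)
    if not parsed:
        return None
    for rule in RULES:
        hit = rule["regex"].search(parsed["msg"])
        if hit:
            alert = _fill(rule["idmef"], hit)
            # The logging host is the target node: the sensor knows it, the rule does not.
            alert["alert.target(0).node.name"] = parsed["host"]
            return alert  # first match wins
    return None


# Constructed sample log (RFC 5737 test addresses).
SAMPLE_LOG = [
    "Mar  9 10:01:25 bastion sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51522 ssh2",
    "Mar  9 10:01:31 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51530 ssh2",
    "Mar  9 10:02:02 bastion sshd[4044]: Accepted publickey for deploy from 192.0.2.10 port 40110 ssh2",
    "Mar  9 10:02:03 bastion CRON[4050]: (root) CMD (run-parts /etc/cron.hourly)",
]


def run(lines):
    return [a for a in map(analyse, lines) if a is not None]


if __name__ == "__main__":
    for a in run(SAMPLE_LOG):
        print(a["alert.classification.text"], a["alert.source(0).node.address(0).address"],
              a["alert.target(0).user.user_id(0).name"])
```

The cron line matches no rule and produces no alert; the two failures and the accepted login become three alerts whose source address, target user and port come straight from the capture groups.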

 

Prelude-Correlator

Prelude-Correlator performs multistream correlation using correlation rules written in Python, a full programming language rather than a restricted rule syntax. Since any type of alert can be correlated, event analysis becomes simpler, quicker and more incisive.

See the Correlation Engine page
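The following is an added illustration of multistream correlation, not a Prelude-Correlator rule: it consumes alerts as flattened IDMEF paths (the shape a log sensor would emit), keeps a sliding window of login failures per source address, raises a correlation alert when a threshold is crossed and a higher-severity one when a success follows the failures. The class name, the alert stream, the addresses (RFC 5737) and the window/threshold values are constructed.

```python
"""Multistream brute-force correlation over IDMEF-style alerts (illustration).

Added example, not a Prelude-Correlator rule: alerts arrive as flattened
IDMEF paths; a per-source sliding window of failures drives two correlation
alerts. Stream, addresses and thresholds are constructed.
"""
from collections import defaultdict, deque


class BruteForceCorrelator:
    def __init__(self, window_seconds=60, threshold=3):
        self.window_seconds = window_seconds
        self.threshold = threshold
        # source address -> deque of (detect_time, messageid) for recent failures
        self._failures = defaultdict(deque)

    def feed(self, alert):
        """Process one alert; return a correlation alert or None."""
        src = alert.get("alert.source(0).node.address(0).address")
        if src is None:
            return None
        now = alert["alert.detect_time"]
        recent = self._failures[src]
        while recent and now - recent[0][0] > self.window_seconds:
            recent.popleft()  # expire failures that fell out of the window
        cls = alert["alert.classification.text"]
        if cls == "Remote Login Failed":
            recent.append((now, alert["alert.messageid"]))
            if len(recent) == self.threshold:  # fire once per crossing, not on every later failure
                return self._correlated("Brute Force Attempt", "medium", src, now,
                                        [mid for _, mid in recent])
        elif cls == "Remote Login" and len(recent) >= self.threshold:
            idents = [mid for _, mid in recent] + [alert["alert.messageid"]]
            recent.clear()
            return self._correlated("Brute Force Succeeded", "high", src, now, idents)
        return None

    @staticmethod
    def _correlated(text, severity, src, now, idents):
        return {
            "alert.classification.text": text,
            "alert.assessment.impact.severity": severity,
            "alert.detect_time": now,
            "alert.source(0).node.address(0).address": src,
            # IDMEF CorrelationAlert carries the identifiers of the alerts it was built from.
            "alert.correlation_alert.name": text,
            "alert.correlation_alert.alertident": idents,
        }


def _alert(mid, t, src, user, text):
    return {"alert.messageid": mid, "alert.detect_time": t,
            "alert.classification.text": text,
            "alert.source(0).node.address(0).address": src,
            "alert.target(0).user.user_id(0).name": user}


ATTACKER, LEGIT = "198.51.100.23", "192.0.2.10"


def failed(mid, t, src, user="root"):
    return _alert(mid, t, src, user, "Remote Login Failed")


def accepted(mid, t, src, user="root"):
    return _alert(mid, t, src, user, "Remote Login")


# Constructed stream; detect_time in seconds, time-ordered as the engine sees it.
STREAM = [
    failed("a1", -200, ATTACKER),         # stale: falls out of the 60 s window
    failed("a2", 0, ATTACKER),
    failed("a3", 5, LEGIT, "deploy"),     # one typo by a legitimate user
    failed("a4", 10, ATTACKER),
    accepted("a5", 15, LEGIT, "deploy"),  # success after a single failure: not brute force
    failed("a6", 20, ATTACKER),           # third failure in window -> attempt
    failed("a7", 30, ATTACKER),
    accepted("a8", 40, ATTACKER),         # success after four failures -> succeeded
]


def run(stream, **kw):
    corr = BruteForceCorrelator(**kw)
    return [c for c in (corr.feed(a) for a in stream) if c is not None]


if __name__ == "__main__":
    for c in run(STREAM):
        print(c["alert.classification.text"], c["alert.correlation_alert.alertident"])
```

The legitimate user's single failure followed by a success never correlates, the stale failure is expired by the window, and the attacker produces two correlation alerts that list the contributing alert identifiers, which is what lets an analyst in the console pivot from the correlated alert back to its raw events.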

 

The Mail Reporting Plugin

The Mail Reporting Plugin automatically sends emails containing a textual description of events reported to Prelude to a configured list of recipients. The body of the generated email can be the full event or a specific part of it, using a customised template.

Additionally, the plugin can optionally query the Prelude database to include information about older events tied to an incoming event.

Combined with Prelude-Manager's filtering functionality, the Mail Reporting Plugin can generate email only for events matching specific criteria or thresholds.

 

Prelude-PFLogger

Prelude-PFLogger listens for packets logged by the OpenBSD PF packet filter and sends alerts to the Prelude Manager.