It allows connecting sensors from Windows systems, or to create your own Prelude sensors for this platform.

By installing libprelude on a Windows system, your Windows sensors will be able to send their events to a remote Prelude-Manager.

Reported events (Windows / Unix) will be correlated together, thanks to Prelude-Correlator, and visualized in the Prewikka interface.

On July 2008, for the 2008 LSM, Yoann Vandoorselaere, Prelude creator and PreludeIDS Technologies CTO, will give a talk entitled "Prelude, State of the Art".

In this talk, in english, we will introduce the Prelude system and describe the current state of the art: correlation, new programming interface suitable for scripting languages, and individuals improvements made to each Prelude modules.

See Also:

• The 2008 LSM Website
• The "Prelude, State of the art" talk (pdf)
• All Prelude conferences

Prelude-Correlator serves to correlate, in real time, the multiple events received by Prelude. Several isolated alerts, generated from different sensors, can thus trigger a single correlation alert should the events be related. This correlation alert then appears within the Prewikka interface and indicates the potential target information via the set of correlation rules.

Signature creation with Prelude-Correlator is based on the powerful programming language Lua.

• See the Correlation Engine page
• Download Prelude-Correlator

The Mail Reporting Plugin automatically sends emails containing a textual description of events reported to Prelude to a configured list of recipients. The body of the generated email can be the full event, or specific part of it by using a customized template.

Additionally, this plugin is optionally capable of querying the Prelude database in order to include information concerning older events tied to an incoming event.

Using the Mail Reporting Plugin in combination with Prelude-Manager filtering functionality, it is possible to generate email only on events matching specific criteria or threshold.

Download Prelude-Manager 0.9.13.

The Prelude team has updated its communication and knowledge sharing tool and will now feature a revised format, new articles and an improved organization of headings to make the browsing experience smoother and more effective.

Yet the fundamental change lies in merging the Prelude-ids.com and Prelude-ids.org sites, in the same objective of streamlining and facilitating the browsing experience. The content of the Prelude Project site will be completely integrated and directly accessible via a heading entitled "Development". The merger will come about naturally; former site users will not feel lost and new visitors will find their visit to the site an enjoyable one.

The launch of this site will also provide the occasion to refresh and enhance some of the most practical content, including the site's documentation features. Number of original headings and functionality should also make their way onto the site.

We hope you'll find this updated site every bit as attractive as the Prelude team has tried to make it. Should you have any comments or wish to correct any site content, please feel free to contact: webmaster@prelude-ids.com

The opportunity for both sides to present new opportunities offered by the cooperation between NuFW (Firewall by INL) and Prelude.

PreludeIDS is proud to count the OpenSource Security company among its Certified Partners. OpenSource Security is owned by Ralf Spenneberg, an open source security expert. In that capacity, he is the author of several books including « Intrusion Detection und Prevention mit Snort 2 & Co. » (in German) in which he devotes a chapter to the Prelude system.

Read the OpenSource Security company profile on PreludeIDS website

The plugin can currently detect and message: Apps that terminate abnormally (gcc stack overflow/glibc FORTIFY_SOURCE/plain old segfault), SE Linux AVCs, Logins, MAX failed login attempts reached, MAX concurrent sessions reached. This is all done in real-time and not based on a cron job. The audit daemon is capable of being run directly from init if you wanted to do it that way.

The package, installation instructions are available at:
http://people.redhat.com/sgrubb/audit/.

If you run fedora core 8, you can try it easily by running:

yum --enablerepo=updates-testing install audispd-plugins

To do testing on Fedora rawhide (which will become Fedora 9), you will need to put selinux in permissive mode, "setenforce 0".

More information available in Steve’s auditd+prelude HOWTO.

Publisher: O’Reilly Media

Publication: 08/2007

Pages: 692 - 694 (Chapter 20.13 : Host Monitoring in Large Environments with Prelude-IDS)

Description: What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms. Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits. Security Power Tools details best practices for: Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; anddevice security testing Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.

Publisher website

It is now able to communicate and use all the features of the Prelude framework. You can find more informations about this in the email that I sent on the mailing list here.

Please test and report bugs, so that the upcoming release will have a strong and rocking prelude support.