Correlation Engine

Prelude-Correlator performs multistream correlation using a powerful programming language for writing correlation rules. Because any type of alert can be correlated, event analysis becomes simpler, quicker and more incisive.

Distributed under a GPL license, Prelude-Correlator is intended for all SIM Prelude users and facilitates the analysis of detected events.

The various application scenarios developed with Prelude-Correlator let you focus efficiently on the major security events taking place throughout your infrastructure.

Functionality:

  • Rapid identification of important security events, enabling the analyst to assign task priorities
  • Correlation of alerts originating from heterogeneous sensors deployed across your whole environment
  • Real-time analysis of events received by the Prelude Manager

Prelude-Correlator serves to correlate, in real time, the multiple events received by Prelude.

Several isolated alerts generated by different sensors can thus trigger a single correlation alert when the events are related. This correlation alert then appears in the Prewikka interface and, through the set of correlation rules, indicates information about the potential target.

Signature creation with Prelude-Correlator is based on the powerful programming language Lua. Prelude's integrated correlation engine is distributed with a default set of correlation rules, but you can still modify existing rules and create any correlation rule that suits your needs.