Advanced Aggregation System

Automatic correlation, in real time, of security events according to their origin, destination and time of occurrence. This high-performance system transforms raw data into pertinent information by producing attack scenarios. It assists analysts in identifying attacks accurately and allows them to eliminate false positives. The criteria of the Advanced Aggregation System are fully configurable.

Permissions management

User access levels management system (access for event viewing, access for event update, creation of tickets, update of tickets, viewing of tickets, remote sensor management, user management, etc.)

Filter creation

Criteria definition system allowing the user to focus on specific event categories (transmitting sensor, severity, completion, etc.) The filter system can be used either as a continuous display preference system or as a specific event search system.

Sensor monitoring

Sensor error detection system with status reporting (online, offline - error, offline - normal status)

Remote Sensor Management

Real-time configuration system of the general and/or specific attributes of the sensors. i.e. configuration of the intervals between the “heartbeats” transmitted by the sensor, the Prelude Manager to which the sensor transmits events, the name and location of the sensors etc.

Advanced Ticket System

A system of assigning responsibilities for event handling. This enables a team of analysts to organize the monitoring of an event or of a set of events, by using assignment tickets. The Prewikka ticket system is totally integrated into the Graphical User Interface: the status of the tickets is displayed on the list of attack scenarios and security events.

Graphical Fully Interactive Statistics

Generation of graphical synthesis statistics of events with temporal distribution covering intervals anywhere from one minute to several years. This quick display system classifies security events (filtered or unfiltered) by category, origin, destination, transmitting sensor etc. The interactive nature of the system enables the user to navigate inside of events in a transversal manner. The synthetic nature of the graphical statistics lightens the administrative workload of the analyst.

Ability to Create Virtual Alert "Views"

Users can create customised views of their alerts and/or heartbeats anywhere in PrewikkaPro. They can have constant access important data by saving virtual views on which specific filters have been applied. Virtual views can be configured in the "Settings" menu under the "View" tab.

Alert Listing PDF Export

The alert views can be saved in PDF format for off line access. This very practical feature can be used to draw someone’s attention to a particular event without the person having to access the PrewikkaPro interface.