Universal SIM
Prelude is a Universal "Security Information Management" (SIM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license that produces them; Prelude is "agentless".
Collection and Normalization
- Collection of security data from all existing systems. Prelude is "agentless", meaning that it depends on no single brand or format and is capable of retrieving any type of log (system logs, syslog, flat files, etc.). Moreover, Prelude has native support for a number of systems dedicated to enriching information even further (snort, samhain, ossec, auditd, etc.).
- Normalization of security events into a single format, the "Intrusion Detection Message Exchange Format" (IDMEF), an international standard created on the initiative of the IETF with the participation of the Prelude teams, so that the various security tools currently available on the market can interoperate.
Log collection and normalization are performed by the log analyzer Prelude-LML.
Learn more about Prelude-LML
Access to the Prelude-LML Technical Documentation (Wiki / Level: Technician)
Prelude log types and native sensors are unlimited.
Learn more about Prelude compatibility
Classification and Filtering
- Classification of alerts for the purpose of enhancing their comparison through use of a knowledge base or translation programs (e.g. classification of addresses in either IPv4 or IPv6).
- Filtering of alerts received on the basis of the analyst's needs: at the level of the Prelude-LML log collector (via a pre-selection), at the level of the high-availability Prelude-Manager server (via a selection and definition of actions to be implemented) and/or at the level of the PrewikkaPro interface (by display selection).
The classification is performed by the high availability server Prelude-Manager.
Learn more about Prelude-Manager
Access to the Prelude-Manager Technical Documentation (Wiki / Level: Technician)
Filtering in Prelude-Manager and Prewikka is based on IDMEF Criteria.
Learn more about filters creation based on "IDMEF Criteria" (Wiki / Level: Technician)
Visualization and Aggregation
- Real-time Visualization of security events via the Prewikka - PrewikkaPro interface. Sensor monitoring, remote sensor management, permissions management, graphical interactive statistics, etc.
- PDF Reporting: publication of PDF reports through use of the interface, by simply clicking the "Export in PDF" button.
- Email Reporting: Transmission of event reports by email to a list of predefined recipients; database queries to associate the input of new events with related past events; possibility of creating email alerts for events corresponding to specific criteria or only for certain thresholds.
- Automated Aggregation, in real time, of events based on their origin, destination and time of appearance. All aggregation criteria remain entirely configurable.
Visualization, PDF reporting and aggregation are performed by the Prewikka open source interface and its commercial version, PrewikkaPro:
Learn more about Prewikka / PrewikkaPro interfaces
Learn more about the PrewikkaPro commercial licenses purchase
The email reporting is performed by the Mail Reporting Plugin:
Learn more about the Mail Reporting Plugin
Correlation
- Multistream Correlation by means of the Lua programming language. Any type of event may be correlated by defining a set of correlation rules.
The correlation is performed by the correlation engine Prelude-Correlator:
Learn more about Prelude-Correlator
Download Prelude-Correlator
Access to the Prelude-Correlator Technical Documentation (Wiki / Level: Technician)
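The pipeline described above (log normalization into IDMEF by Prelude-LML, filtering on IDMEF Criteria in Prelude-Manager, and rule-based correlation in Prelude-Correlator) as one added, simplified example written in Python for illustration. This is not Prelude's own code: the sample sshd lines are constructed, the flat dotted key layout only approximates IDMEF element paths, and the `path == value` criteria form is a reduced stand-in for the real IDMEF Criteria syntax.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not taken from the page or any real system).
SAMPLE_LOGS = [
    "Mar 10 10:00:01 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 5001 ssh2",
    "Mar 10 10:00:03 host1 sshd[1235]: Failed password for root from 10.0.0.5 port 5002 ssh2",
    "Mar 10 10:00:04 host1 sshd[1236]: Accepted password for alice from 10.0.0.9 port 5003 ssh2",
    "Mar 10 10:00:05 host1 sshd[1237]: Failed password for admin from 10.0.0.5 port 5004 ssh2",
]

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

def normalize(line):
    """Map one raw sshd line onto a flat, IDMEF-style alert (assumed key layout)."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unknown format: the LML stage would simply skip the line
    failed = m.group("result") == "Failed"
    return {
        "alert.classification.text": "SSH login failed" if failed else "SSH login",
        "alert.source.node.address.address": m.group("src"),
        "alert.target.node.name": m.group("host"),
        "alert.target.user.user_id.name": m.group("user"),
        "alert.detect_time": m.group("ts"),
    }

def matches(alert, criteria):
    """Evaluate a conjunction of 'path == value' criteria (reduced IDMEF Criteria form)."""
    return all(alert.get(path) == value for path, value in criteria.items())

def correlate(alerts, threshold=3):
    """Count failed logins per source address; emit a correlation alert at the threshold."""
    counts = defaultdict(int)
    out = []
    for a in alerts:
        if matches(a, {"alert.classification.text": "SSH login failed"}):
            src = a["alert.source.node.address.address"]
            counts[src] += 1
            if counts[src] == threshold:  # fire once per source, not on every later failure
                out.append({"alert.classification.text": "SSH brute-force attempt",
                            "alert.source.node.address.address": src,
                            "alert.correlation_alert.name": "ssh-bruteforce"})
    return out

def run(lines, threshold=3):
    """Normalize all lines, drop unparsable ones, then correlate; returns (alerts, correlated)."""
    alerts = [a for a in map(normalize, lines) if a]
    return alerts, correlate(alerts, threshold)
```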
Architecture
- Distributed: Prelude permits alert aggregation on a WAN scale to offer total security coverage of your entire infrastructure, whether its scope covers a city, a country, a continent or even the world.
- Modular: Prelude can be deployed without significant modification to current IT infrastructure and evolves with future needs and changes because it is both Open Source and Modular.
- High Availability System: no data can be lost with the Failover System. Prelude has also been designed to support Redundant Networks to guarantee an uninterrupted service.
- Relaying: Prelude Managers can act as relays to other Managers. This makes it possible for a Network Operations Centre (NOC) to gather and process all the alerts transmitted by subsidiaries located at lower authority levels.
- Reverse Relaying: allows a Prelude Manager to take the initiative and communicate with another Manager in order to fetch the data held by it. This allows "best practice" communication across DMZs.
- Secured Connection (SSL): guaranteed between every module.
Overture
- Universal compatibility: Prelude is capable of operating interactively with all security systems available on the market, whether they are open source or proprietary. Learn more about Prelude compatibility
- New agent development tool: the "Libprelude" library offers a programming interface (API) that facilitates the development of new sensors. Learn more about Libprelude
- Choice of database: MySQL, PostgreSQL and SQLite are three databases entirely compatible with the open source version.
- Advanced Ticketing system integrated into the PrewikkaPro interface
- Countermeasures through use of installed sensors (Snort Inline, OSSEC, etc.)
- Legal enquiry tools: Storage of events, Whois, Traceroute
- Services: Customization, deployment, technical support, user training...