- Source: Prelude SIEM (Intrusion Detection System)
Prelude SIEM is a Security information and event management (SIEM).
Prelude SIEM is a tool for driving IT security that collects and centralizes information about the company's IT security to offer a single point of view to manage it. It can create alerts about intrusions and security threats in the network in real-time using logs and flow analyzers. Prelude SIEM provides multiple tools to do forensic reporting on Big Data and Smart Data to identify weak signals and Advanced Persistent Threats (APT). Prelude SIEM also embeds all tools for the exploitation phase to make work easier for operators and help them with risk management.
While a malicious user (or software) may be able to evade the detection of a single intrusion detection system, it becomes exponentially more difficult to get around defenses when there are multiple protection mechanisms. Prelude SIEM comes with a large set of sensors, each of them monitoring different event types. Prelude SIEM permits alert collection to the WAN scale, whether its scope covers a city, a country, a continent or the world.
Prelude SIEM is a SIEM system capable of inter-operating with all the systems available on the market. It implements natively with the Intrusion Detection Message Exchange Format (IDMEF, RFC 4765) format. In this way, it is natively IDMEF compatible with OpenSource IDS: AuditD, Nepenthes, NuFW, OSSEC, Pam, Samhain, Sancp, Snort, Suricata, Kismet, etc. but anyone can write their own IDS or use any of the third party sensors available, given Prelude SIEM's open APIs and libraries.
Since 2016, with the "Prelude IDMEF Partner Program", Prelude SIEM is now also IDMEF compatible with many commercial IDS.
Prelude SIEM provides all SIEM functions through three modules: ALERT (SEM), ANALYZE and ARCHIVE (SIM) and is so the only one true SIEM alternative on the market. Plus, Prelude SIEM promotes the use of IETF security standards through the SECEF project and the "Prelude IDMEF Partner Program".
History
1998: Creation of an IDS project by Yoann Vandoorselaere: Prelude IDS
2002: Prelude becomes a Hybrid IDS
2005: Creation of the company Prelude-Technologies
2009: The INL Society acquires Prelude-Technologies
2009: INL become Edenwall Technologies
2011-08-18: Edenwall Technologies is declared for suspended payments, Prelude-IDS software, the company, and the brand are on sale
2011-10-13: CS (Communication & Systems), Edenwall partner, buy Prelude-IDS
2012: Opening of the websites: www.prelude-ids.org and www.prelude-ids.com (Now www.prelude-siem.com)
2012: Release of the new version Prelude OSS 1.1 and Prelude Enterprise 1.1
2014: Release of Prelude Enterprise V2
2014: Prelude IDS becomes Prelude SIEM and Prelude Enterprise becomes Prelude SOC
2015: Prelude SIEM received the award of "France Cybersecurity" (French cybersecurity)
2016: Prelude SIEM launch the "Prelude IDMEF Partner Program"
2016: Prelude SIEM OSS (Community version) received the award of OW2 for its community
2017: Release of Prelude SIEM 4.0, results of two years of research and developments efforts
2017: New packaging of Prelude SIEM available: Machine virtuelle
Functions
Prelude SIEM collects, normalizes, sorts, aggregates, correlates and displays all security events regardless of the types of surveillance equipment. Beyond its capacity for processing of all types of event logs (system logs, syslog, flat files, etc.), it's also natively compatible with many IDS.
Prelude SIEM's main characteristics are the following:
Built on an open-source core (Python, C), light web client 2.0
"Agent-less" operation
Compliant with Intrusion Detection Message Exchange Format (IDMEF, RFC 4765), Incident Object Description Exchange Format (IODEF, RFC 5070), HTTP, XML, SSL standards
Smart Data: Smart correlation of security events
Big Data: Collection, storage and indexing of logs
Modular, flexible and resilient
Hierarchical and decentralized architecture
Prelude SIEM Community version
Prelude SIEM OSS has been designed in a scalable way to simply adapt to any environment. it is a free, public and open-source version (GPLV2) for small IT Infrastructures, tests and educational purposes.
The open-source version is composed of the following main modules:
Manager: which receives and stores alerts into the database
LibPrelude: connect each IDMEF agents to Prelude SIEM
LibPreludeDB: high-speed database insertion module
Correlator: event correlation module
LML (Log Management Lackey): detect and normalize important logs
Prewikka: web Graphical User Interface (GUI)
These modules are the base of the ALERT module in the commercial version. The commercial version also adds many functionalities to these modules and scale up the performances and architecture possibilities.
Prelude SIEM and Prelude SOC
Prelude SIEM (commercial version) is a scalable, professionally usable and high-performance version of Prelude, for real-world environments. Prelude SOC is fully scaled version, mainly for SOC (Security Operations Center) usage.
The commercial versions are organized as follows:
Prelude SIEM: SIEM for enterprise with modules: ALERT, ANALYSE, and ARCHIVE
ALERT: Storage, Detection, Normalization, Correlation, Aggregation, Real-time Notification
ANALYSE: Analyze, Reporting and Compliance
ARCHIVE: Storage, Indexation of logs and flows for forensic
Prelude SOC: also to Prelude SIEM, it is possible to add more operational security modules to build a Security Operation Center (SOC)
MAP: Real-time cartography of the IT parc with security indicators. It is possible to drill down and made physical, logical or risk management representations
VULN: Vulnerability scanner based on OpenVAS. It is possible to use it inside the correlator to make cross-correlation
ASSET: Asset management based on GLPi (assets, tickets, workflow, etc.)
REPORT: Business Intelligence reporting
References
External links
Official Website
Prelude SIEM OSS
Five questions about Prelude SIEM
Kata Kunci Pencarian:
- Prelude SIEM (Intrusion Detection System)
- Prelude
- LogRhythm
- Incident Object Description Exchange Format
