Prelude SIEM (Intrusion Detection System)
Prelude SIEM is a Security Information and Event Management (SIEM) system. It is a tool for driving IT security: Prelude SIEM collects and centralizes information about the company's IT security to offer a single point of view from which to manage it. Thanks to its log and flow analyzer, Prelude SIEM creates alerts about intrusions and security threats in the network in real time. Prelude SIEM provides multiple tools for forensic reporting on Big Data and Smart Data to identify weak signals and Advanced Persistent Threats (APT). Finally, Prelude SIEM embeds all the tools needed for the operational (exploitation) phase, to make work easier for operators and help them with risk management.

While a malicious user (or piece of software) may be able to evade detection by a single IDS (NIDS, HIDS, etc.), it becomes far more difficult to get around the defenses when there are multiple protection mechanisms. Prelude SIEM comes with a large set of sensors, each monitoring a different kind of event. Prelude SIEM permits alert collection at WAN scale, whether its scope covers a city, a country, a continent or the world.

Prelude SIEM is a SIEM system capable of interoperating with all the systems available on the market. It natively implements the Intrusion Detection Message Exchange Format (IDMEF, RFC 4765), which is increasingly demanded all around the world. In this way it is natively IDMEF-compatible with open-source IDS such as AuditD, Nepenthes, NuFW, OSSEC, PAM, Samhain, Sancp, Snort, Suricata, Kismet, etc., but anyone can write their own IDS or use one of the third-party sensors available, given Prelude SIEM's open APIs and libraries. Since 2016, with the "Prelude IDMEF Partner Program", Prelude SIEM is also IDMEF-compatible with many commercial IDS. Prelude SIEM provides all SIEM functions through three modules: ALERT (SEM), ANALYZE and ARCHIVE (SIM), and is thus the only true SIEM alternative on the market. In addition, Prelude SIEM promotes the use of IETF security standards through the SECEF project and the "Prelude IDMEF Partner Program".


History

* 1998: Creation of an IDS project by Yoann Vandoorselaere: Prelude IDS
* 2002: Prelude becomes a hybrid IDS
* 2005: Creation of the company Prelude-Technologies
* 2009: The INL company acquires Prelude-Technologies
* 2009: INL becomes Edenwall Technologies
* 18/08/2011: Edenwall Technologies is declared in suspension of payments; the Prelude-IDS software, the company and the brand are put up for sale
* 13/10/2011: CS (Communication & Systems), an Edenwall partner, buys Prelude-IDS
* 2012: Opening of the websites www.prelude-ids.org and www.prelude-ids.com (now www.prelude-siem.com)
* 2012: Release of the new versions Prelude OSS 1.1 and Prelude Enterprise 1.1
* 2014: Release of Prelude Enterprise V2
* 2014: Prelude IDS becomes Prelude SIEM and Prelude Enterprise becomes Prelude SOC
* 2015: Prelude SIEM receives the "France Cybersecurity" award
* 2016: Prelude SIEM launches the "Prelude IDMEF Partner Program"
* 2016: Prelude SIEM OSS (community version) receives an OW2 award for its community
* 2017: Release of Prelude SIEM 4.0, the result of two years of research and development efforts
* 2017: New packaging of Prelude SIEM available as a virtual machine


Functions

Prelude SIEM collects, normalizes, sorts, aggregates, correlates and displays all security events regardless of the type of surveillance equipment. Beyond its capacity to process all types of event logs (system logs, syslog, flat files, etc.), Prelude SIEM is natively compatible with many IDS. The main characteristics of Prelude SIEM are the following:

* Built on an open-source core (Python, C), with a light Web 2.0 client
* "Agent-less" operation
* Compliant with the IDMEF (RFC 4765), IODEF (RFC 5070), HTTP, XML and SSL standards
* Smart Data: smart correlation of security events
* Big Data: collection, storage and indexing of logs
* Modular, flexible and resilient
* Hierarchical and decentralized architecture


Prelude SIEM Community version

Prelude SIEM OSS has been designed in a scalable way so that it adapts easily to any environment. It is a free, public and open-source version (GPLv2) for small IT infrastructures, tests and educational purposes. The open-source version is composed of the following main modules:

* Manager: receives alerts and stores them in the database
* LibPrelude: connects each IDMEF agent to Prelude SIEM
* LibPreludeDB: high-speed database insertion module
* Correlator: event correlation module
* LML (Log Management Lackey): detects and normalizes important logs
* Prewikka: web graphical user interface (GUI)

These modules are the base of the ALERT module in the commercial version. The commercial version also adds many functionalities to these modules and scales up the performance and the possible architectures.
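The collect-normalize-correlate pipeline described under Functions, and the roles of the LML and Correlator modules listed above, as an added example that is not Prelude's own code: a constructed set of syslog lines is matched by one detection rule, each hit is normalized into an IDMEF 1.0 alert laid out as in RFC 4765 (Analyzer, CreateTime, Source, Target, Classification, AdditionalData), and repeated failures from one source are aggregated into a single correlated alert. The function names, the analyzer ids, the `failure-count` meaning, the sample log lines and the year 2024 supplied for the year-less syslog timestamps are all assumptions of this example.

```python
"""Added example: normalize syslog lines into IDMEF alerts and correlate them.
Not Prelude's code; function names, analyzer ids and sample data are constructed."""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"      # XML namespace defined in RFC 4765
NTP_EPOCH_OFFSET = 2208988800           # seconds from 1900-01-01 to 1970-01-01

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE_LOGS = [
    "Jan 10 12:00:01 host1 sshd[1001]: Failed password for root from 203.0.113.5 port 51000 ssh2",
    "Jan 10 12:00:03 host1 sshd[1001]: Failed password for root from 203.0.113.5 port 51002 ssh2",
    "Jan 10 12:00:04 host1 sshd[1001]: Accepted password for alice from 198.51.100.7 port 40000 ssh2",
    "Jan 10 12:00:06 host1 sshd[1001]: Failed password for admin from 203.0.113.5 port 51004 ssh2",
    "Jan 10 12:00:09 host1 cron[2000]: (root) CMD (run-parts /etc/cron.hourly)",
]

# One log-management rule, in the spirit of LML: flag a line as security-relevant
# and pull out the fields an IDMEF alert needs.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_syslog_time(ts, year=2024):
    """Syslog timestamps carry no year; the year is an assumption of this example."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)

def ntpstamp(dt):
    """RFC 4765 ntpstamp attribute: NTP seconds in hex, fraction left at zero."""
    return "0x%08x.0x00000000" % (int(dt.timestamp()) + NTP_EPOCH_OFFSET)

def normalize(line):
    """Return normalized fields for a matching line, or None for lines the rule ignores."""
    m = FAILED_LOGIN.match(line)
    if not m:
        return None
    return {"time": m.group("ts"), "target": m.group("host"), "user": m.group("user"),
            "source": m.group("src"), "classification": "SSH authentication failure"}

def to_idmef(event, analyzerid="lml-example", messageid="1"):
    """Serialize a normalized event as an IDMEF-Message following the RFC 4765 layout."""
    root = ET.Element("IDMEF-Message", {"version": "1.0", "xmlns": IDMEF_NS})
    alert = ET.SubElement(root, "Alert", {"messageid": messageid})
    ET.SubElement(alert, "Analyzer", {"analyzerid": analyzerid})
    dt = parse_syslog_time(event["time"])
    ET.SubElement(alert, "CreateTime", {"ntpstamp": ntpstamp(dt)}).text = dt.strftime("%Y-%m-%dT%H:%M:%SZ")
    node = ET.SubElement(ET.SubElement(alert, "Source"), "Node")
    addr = ET.SubElement(node, "Address", {"category": "ipv4-addr"})
    ET.SubElement(addr, "address").text = event["source"]
    target = ET.SubElement(alert, "Target")
    ET.SubElement(ET.SubElement(target, "Node"), "name").text = event["target"]
    uid = ET.SubElement(ET.SubElement(target, "User"), "UserId", {"type": "target-user"})
    ET.SubElement(uid, "name").text = event["user"]
    ET.SubElement(alert, "Classification", {"text": event["classification"]})
    if "count" in event:  # correlated alerts carry the number of aggregated events
        extra = ET.SubElement(alert, "AdditionalData", {"type": "integer", "meaning": "failure-count"})
        ET.SubElement(extra, "integer").text = str(event["count"])
    return ET.tostring(root, encoding="unicode")

def correlate(events, threshold=3):
    """Correlator role: one aggregated event per source that reaches the threshold."""
    by_source = defaultdict(list)
    for ev in events:
        by_source[ev["source"]].append(ev)
    return [{**evs[0], "classification": "Repeated SSH authentication failures", "count": len(evs)}
            for evs in by_source.values() if len(evs) >= threshold]

def process(lines, threshold=3):
    """Full pipeline: returns (per-line IDMEF alerts, correlated IDMEF alerts) as XML strings."""
    events = [ev for ev in map(normalize, lines) if ev]
    alerts = [to_idmef(ev, messageid=str(i)) for i, ev in enumerate(events, 1)]
    correlated = [to_idmef(ev, analyzerid="correlator-example", messageid=f"corr-{i}")
                  for i, ev in enumerate(correlate(events, threshold), 1)]
    return alerts, correlated

if __name__ == "__main__":
    single, aggregated = process(SAMPLE_LOGS)
    print(f"{len(single)} normalized alerts, {len(aggregated)} correlated alert(s)")
    for xml in aggregated:
        print(xml)
```

On the sample input the rule drops the successful login and the cron line, emits three per-event alerts, and the correlator folds the three failures from 203.0.113.5 into one alert whose AdditionalData records the count; raising the threshold to 4 yields no correlated alert, which is the behaviour a single-event IDS cannot offer on its own.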


Prelude SIEM and Prelude SOC

Prelude SIEM (commercial version) is a scalable, professionally usable and high-performance version of Prelude for real-world environments. Prelude SOC is a fully scaled version, mainly for SOC (''Security Operations Center'') usage. The commercial versions are organized as follows:

* Prelude SIEM: SIEM for the enterprise, with the modules ALERTE, ANALYSE and ARCHIVE
** ALERTE: storage, detection, normalization, correlation, aggregation, real-time notification
** ANALYSE: analysis, reporting and compliance
** ARCHIVE: storage and indexing of logs and flows for forensics
* Prelude SOC: in addition to Prelude SIEM, further operational security modules can be added to build a Security Operations Center (SOC)
** MAP: real-time cartography of the IT estate with security indicators; it is possible to drill down and build physical, logical or risk-management representations
** VULN: vulnerability scanner based on OpenVAS; its results can be used inside the correlator for cross-correlation
** ASSET: asset management based on GLPi (assets, tickets, workflow, etc.)
** REPORT: business intelligence reporting


External links


* Official Website
* Prelude SIEM OSS
* Five questions about Prelude SIEM