Prelude SIEM is a Security Information and Event Management (SIEM) system, a tool for managing IT security. Prelude SIEM collects and centralizes information about a company's IT security to offer a single point of view from which to manage it. Thanks to its log and flow analyzer, Prelude SIEM creates alerts about intrusions and security threats in the network in real time. Prelude SIEM provides several tools for forensics and reporting on Big Data and Smart Data to identify weak signals and Advanced Persistent Threats. Finally, Prelude SIEM embeds the tools needed for the operational phase to make operators' work easier and to help them with risk management.

While a malicious user may be able to evade detection by a single IDS, it becomes exponentially more difficult to get around the defenses when there are multiple protection mechanisms. Prelude SIEM comes with a large set of sensors, each monitoring a different kind of event. Prelude SIEM permits alert collection at WAN scale, whether its scope covers a city, a country, a continent or the world.

Prelude SIEM is a SIEM system capable of interoperating with all the systems available on the market. It natively implements the Intrusion Detection Message Exchange Format (IDMEF), which is starting to be demanded all around the world. It is therefore natively IDMEF-compatible with open-source IDS such as AuditD, Nepenthes, NuFW, OSSEC, PAM, Samhain, Sancp, Snort, Suricata and Kismet, and anyone can write their own IDS or use one of the third-party sensors available, thanks to Prelude SIEM's open APIs and libraries. Since 2016, with the "Prelude IDMEF Partner Program", Prelude SIEM is also IDMEF-compatible with many commercial IDS.

Prelude SIEM provides all SIEM functions through three modules, ALERT, ANALYZE and ARCHIVE, and is thus the only true SIEM alternative on the market. Prelude SIEM also promotes the use of IETF security standards through the SECEF project and the "Prelude IDMEF Partner Program".
History
1998: Creation of an IDS project, Prelude IDS, by Yoann Vandoorselaere
2002: Prelude becomes a hybrid IDS
2005: Creation of the company Prelude-Technologies
2009: The INL company acquires Prelude-Technologies
2009: INL becomes Edenwall Technologies
18/08/2011: Edenwall Technologies is declared in suspension of payments; the Prelude IDS software, the company and the brand are put up for sale.
2015: Prelude SIEM receives the "France Cybersecurity" award
2016: Prelude SIEM launches the "Prelude IDMEF Partner Program"
2016: Prelude SIEM OSS receives an OW2 award for its community
2017: Release of Prelude SIEM 4.0, the result of two years of research and development effort
2017: New packaging of Prelude SIEM available:
Functions
Prelude SIEM collects, normalizes, sorts, aggregates, correlates and displays all security events regardless of the type of surveillance equipment. Beyond its capacity to process all types of event logs, Prelude SIEM is natively compatible with many IDS. Prelude SIEM's main characteristics are the following:
Built on an open-source core, with a light Web 2.0 client
Prelude SIEM OSS has been designed in a scalable way to adapt easily to any environment. It is a free, public and open-source version for small IT infrastructures, tests and educational purposes. The open-source version is composed of the following main modules:
Manager: receives and stores alerts in the database
LibPrelude: connects each IDMEF agent to Prelude SIEM
These modules form the base of the ALERT module in the commercial version. The commercial version also adds many functionalities to these modules and scales up the performance and architectural possibilities.
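As an added illustration of the IDMEF format mentioned above (example code written for this page, not Prelude's or LibPrelude's own code), the following Python parses one IDMEF 1.0 alert into the flat record a collector such as the Manager would store and correlate. The sample alert, the sensor name, the rule reference and all addresses are constructed.

```python
import xml.etree.ElementTree as ET

# IDMEF (RFC 4765) is the XML alert format that IDMEF agents emit and the Manager stores.
NS = {"idmef": "http://iana.org/idmef"}

# Constructed sample alert for this example; not captured from a real sensor.
SAMPLE_ALERT = """<?xml version="1.0" encoding="UTF-8"?>
<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
  <idmef:Alert messageid="abc123">
    <idmef:Analyzer analyzerid="hq-sensor-01" name="Suricata" manufacturer="OISF"/>
    <idmef:CreateTime ntpstamp="0xbc723b45.0xef449129">2024-01-01T10:01:25Z</idmef:CreateTime>
    <idmef:Source spoofed="unknown"><idmef:Node>
      <idmef:Address category="ipv4-addr"><idmef:address>192.0.2.10</idmef:address></idmef:Address>
    </idmef:Node></idmef:Source>
    <idmef:Target><idmef:Node>
      <idmef:Address category="ipv4-addr"><idmef:address>198.51.100.5</idmef:address></idmef:Address>
    </idmef:Node><idmef:Service><idmef:port>22</idmef:port></idmef:Service></idmef:Target>
    <idmef:Classification text="SSH brute force attempt">
      <idmef:Reference origin="vendor-specific"><idmef:name>2001219</idmef:name>
        <idmef:url>https://example.invalid/sid/2001219</idmef:url></idmef:Reference>
    </idmef:Classification>
    <idmef:Assessment><idmef:Impact severity="medium" completion="failed" type="user"/></idmef:Assessment>
  </idmef:Alert>
</idmef:IDMEF-Message>"""

# IDMEF severity enumeration mapped to a rank so alerts can be sorted for triage.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

def _addresses(parent):
    """All Address/address values below a Source or Target element."""
    return [a.text.strip() for a in parent.findall(".//idmef:Address/idmef:address", NS) if a.text]

def parse_idmef_alert(xml_text):
    """Normalize one IDMEF Alert into the flat dict a collector would store before correlation."""
    root = ET.fromstring(xml_text)
    alert = root.find("idmef:Alert", NS)
    if alert is None:  # Heartbeat or malformed message: reject rather than store an empty record
        raise ValueError("no Alert element in IDMEF message")
    analyzer = alert.find("idmef:Analyzer", NS)
    classification = alert.find("idmef:Classification", NS)
    impact = alert.find("idmef:Assessment/idmef:Impact", NS)
    severity = impact.get("severity", "info") if impact is not None else "info"
    return {
        "messageid": alert.get("messageid"),
        "analyzerid": analyzer.get("analyzerid") if analyzer is not None else None,
        "create_time": (alert.findtext("idmef:CreateTime", default="", namespaces=NS) or "").strip(),
        "classification": classification.get("text") if classification is not None else None,
        "references": [r.findtext("idmef:name", default="", namespaces=NS)
                       for r in alert.findall("idmef:Classification/idmef:Reference", NS)],
        "sources": [ip for s in alert.findall("idmef:Source", NS) for ip in _addresses(s)],
        "targets": [ip for t in alert.findall("idmef:Target", NS) for ip in _addresses(t)],
        "target_ports": [int(p.text) for p in alert.findall("idmef:Target/idmef:Service/idmef:port", NS) if p.text],
        "severity": severity,
        "severity_rank": SEVERITY_RANK.get(severity, 0),
        "completion": impact.get("completion") if impact is not None else None,
    }
```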
Prelude SIEM and Prelude SOC
Prelude SIEM is a scalable, professionally usable and high-performance version of Prelude for real-world environments. Prelude SOC is the fully scaled version, mainly for SOC usage. The commercial versions are organized as follows:
Prelude SIEM: SIEM for enterprises with the modules ALERT, ANALYZE and ARCHIVE
* MAP: Real-time cartography of the IT estate with security indicators. It is possible to drill down and to build physical, logical or risk-management representations.
* VULN: Vulnerability scanner based on OpenVAS. It can be used inside the correlator to perform cross-correlation.