Other articles

  1. Prelude Correlator in Debian

    The Prelude Correlator is now packaged in Debian.

    From the description of the package:

    Prelude is a general-purpose hybrid intrusion detection system.
    .
    This package provides the Prelude Correlator, which is a powerful
    correlation engine using Lua to write correlation rules.
    .
    The features currently include:
     * Rapid identification of important security events, enabling the analyst to
       assign task priorities
     * Alert correlation originally from heterogeneous sensors deployed on the
       whole infrastructure
     * Real-time analysis of events received by the Prelude Manager
    

    You can contribute ! If you use the correlation engine, please share your correlation rules.

    Related links:

    read more
  2. Prelude quick install

    To install Prelude, the Hybrid IDS (or Meta IDS) on Debian, on less than ten minutes, just use the packages:

    • install a database (PostgreSQL or MySQL)
    • install the Prelude manager, all needed packages will be installed automatically
    apt-get install prelude-manager
    
    • during the installation, dbconfig will ask to configure the database. Say yes, and give the parameters. dbconfig will create a new user, set a password, create the SQL schema and configure prelude-manager to use it.

    This should be enough for the manager. You will have to configure the listen address for the manager (the default is restricted to localhost) to listen on the network.

    To add agents (sensors), you have to install the package and register a new profile for each sensor.For ex:

    apt-get install prelude-lml
    apt-get install snort
    

    Create a new profile:

    prelude-admin register prelude-lml "idmef:w" <manager address> --uid 0 --gid 0
    ...
    prelude-admin register snort "idmef:w" <manager address> --uid 0 --gid 0
    ...
    

    Follow the instructions for the registration.

    Check the address of the manager in the config (global file is /etc/prelude/default/client.conf):

    server-addr = 192.168.1.1
    

    For a complete installation guide (with explanations) including the web interface Prewikka, look at the Prelude ...

    read more

Page 1 / 1