The Prelude Correlator is now packaged in Debian.
From the description of the package:
Prelude is a general-purpose hybrid intrusion detection system.
This package provides the Prelude Correlator, which is a powerful
correlation engine using Lua to write correlation rules.
The features currently include:
* Rapid identification of important security events, enabling the analyst to
assign task priorities
* Alert correlation originally from heterogeneous sensors deployed on the
* Real-time analysis of events received by the Prelude Manager
You can contribute ! If you use the correlation engine, please share your correlation rules.
Related links:read more