Original author(s) | Yoann Vandoorselaere |
---|---|
Developer(s) | PreludeIDS Technologies |
Initial release | 1998 |
Stable release | 1.0 |
Operating system | Linux, BSD, Windows |
Type | Security information management |
License | GNU General Public License |
Website | prelude-ids.org |

Prelude is an "agentless", universal, security information management (SIM) system, released under the terms of the GNU General Public License.
Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events, regardless of the brand or license of the product that generated them. It does this by normalizing events to a single format called the "Intrusion Detection Message Exchange Format" (IDMEF, RFC 4765).
While a malicious user (or software) may be able to evade detection by a single IDS (NIDS, HIDS, etc.), it becomes exponentially more difficult to get around the defenses when there are multiple protection mechanisms. Prelude comes with a large set of sensors, each monitoring a different kind of event. Prelude supports alert collection at WAN scale, whether its scope covers a city, a country, a continent or the world.
Prelude claims to be a SIM system capable of interoperating with all the systems available on the market[1]. It is "natively compatible" with AuditD, Nepenthes, NuFW, OSSEC, PAM, Samhain, Sancp and Snort, but you can also write your own sensors or use some of the third-party sensors that are available.
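
The normalization and multi-sensor correlation described above, sketched as an added example that is not Prelude's own code or API: two constructed log lines in simplified formats are mapped to minimal IDMEF (RFC 4765) alerts, then grouped by source address across analyzers. The sensor names, parsers and function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "http://iana.org/idmef"  # IDMEF XML namespace (RFC 4765)
ET.register_namespace("idmef", NS)
Q = {"idmef": NS}

# Constructed sample events (simplified formats, not real sensor output) and
# hypothetical per-sensor parsers: (pattern, fixed classification or None).
SAMPLES = [
    ("host-auth", "2024-05-01T10:15:02Z sshd[411]: Failed password for root from 203.0.113.7 port 52100"),
    ("net-ids", "2024-05-01T10:15:09Z [1:1000001:1] Constructed scan rule {TCP} 203.0.113.7:40000 -> 192.0.2.10:22"),
]
PARSERS = {
    "host-auth": (re.compile(r"(?P<ts>\S+) sshd\[\d+\]: Failed password for \S+ from (?P<src>[\d.]+) "), "Failed SSH login"),
    "net-ids": (re.compile(r"(?P<ts>\S+) \[[\d:]+\] (?P<text>.+?) \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+"), None),
}

def ntpstamp(dt):  # IDMEF ntpstamp: seconds since 1900-01-01 in hex, fraction zero
    return "0x%08x.0x%08x" % (int(dt.timestamp()) + 2208988800, 0)

def el(parent, tag, body=None, **attrs):
    child = ET.SubElement(parent, "{%s}%s" % (NS, tag), attrs)
    child.text = body
    return child

def normalize(sensor, line):  # one sensor-specific line -> minimal IDMEF Alert
    pattern, fixed = PARSERS[sensor]
    m = pattern.match(line)
    if m is None:
        raise ValueError("unparsed %s event: %r" % (sensor, line))
    f = m.groupdict()
    when = datetime.strptime(f["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    msg = ET.Element("{%s}IDMEF-Message" % NS, version="1.0")
    alert = el(msg, "Alert")
    el(alert, "Analyzer", analyzerid=sensor)
    el(alert, "CreateTime", f["ts"], ntpstamp=ntpstamp(when))
    for role in ("Source", "Target"):  # element order follows the IDMEF DTD
        ip = f.get("src" if role == "Source" else "dst")
        if ip:
            el(el(el(el(alert, role), "Node"), "Address", category="ipv4-addr"), "address", ip)
    el(alert, "Classification", text=fixed or f["text"])
    return msg

def multi_sensor_sources(messages):  # sources reported by more than one analyzer
    seen = {}
    for msg in messages:
        alert = msg.find("idmef:Alert", Q)
        src = alert.findtext("idmef:Source/idmef:Node/idmef:Address/idmef:address", namespaces=Q)
        seen.setdefault(src, set()).add(alert.find("idmef:Analyzer", Q).get("analyzerid"))
    return {s: sorted(a) for s, a in seen.items() if len(a) > 1}
```

Once both events share one schema, the correlation step needs no knowledge of either sensor's native log format.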