Other articles

  1. Prelude Correlator in Debian

    The Prelude Correlator is now packaged in Debian.

    From the description of the package:

    Prelude is a general-purpose hybrid intrusion detection system.

    This package provides the Prelude Correlator, which is a powerful
    correlation engine using Lua to write correlation rules.

    The features currently include:
     * Rapid identification of important security events, enabling the analyst to
       assign task priorities
     * Alert correlation originally from heterogeneous sensors deployed on the
       whole infrastructure
     * Real-time analysis of events received by the Prelude Manager


    You can contribute! If you use the correlation engine, please share your correlation rules.

  2. Prelude quick install

    To install Prelude, the Hybrid IDS (or Meta IDS), on Debian in less than ten minutes, just use the packages:

    • install a database (PostgreSQL or MySQL)
    • install the Prelude manager; all needed packages will be installed automatically:

    apt-get install prelude-manager

    • during the installation, dbconfig will ask to configure the database. Say yes, and give the parameters. dbconfig will create a new user, set a password, create the SQL schema and configure prelude-manager to use it.

    This should be enough for the manager itself. If sensors on other hosts must reach it, you will also have to change the manager's listen address, since the default is restricted to localhost.

    To add agents (sensors), you have to install the package and register a new profile for each sensor. For example:

    apt-get install prelude-lml
    apt-get install snort
    

    Create a new profile:

    prelude-admin register prelude-lml "idmef:w" <manager address> --uid 0 --gid 0
    ...
    prelude-admin register snort "idmef:w" <manager address> --uid 0 --gid 0
    ...
    

    Follow the instructions for the registration.

    Check the address of the manager in the config (global file is /etc/prelude/default/client.conf):

    server-addr = 192.168.1.1
    

    For a complete installation guide (with explanations) including the web interface Prewikka, look at the Prelude …
