Prelude Hybrid IDS
Prelude is an "agentless", universal security information management (SIM) system, released under the terms of the GNU General Public License.
Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events by normalizing them to a single format called the "Intrusion Detection Message Exchange Format" (RFC 4765).
While a malicious user (or piece of software) may be able to evade detection by a single IDS (NIDS, HIDS, etc.), it becomes exponentially more difficult to get around the defenses when several protection mechanisms are in place. Prelude comes with a large set of sensors, each monitoring a different kind of event. Prelude permits alert collection at WAN scale, whether its scope covers a city, a country, a continent or the world.
Prelude claims to be a SIM system capable of interoperating with all the systems available on the market. It is "natively compatible" with AuditD, Nepenthes, NuFW, OSSEC, PAM, Samhain, Sancp and Snort, but you can write your own sensors or use some of the third-party sensors that are available.
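As an added illustration of the IDMEF normalization described above (example code, not Prelude's own), the following Python takes two constructed sample events, a Snort fast-format alert and an sshd syslog line, maps both to one product-neutral record and emits an RFC 4765 IDMEF-Message for each. The sensor names, log formats, addresses and timestamp are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
IDMEF_NS = "http://iana.org/idmef"             # namespace defined by RFC 4765
ET.register_namespace("idmef", IDMEF_NS)

def q(tag):                                    # namespace-qualify an IDMEF tag
    return f"{{{IDMEF_NS}}}{tag}"

# Constructed sample events from two hypothetical sensors (not real traffic).
SNORT_FAST = ("05/01-12:00:01.000000  [**] [1:1000001:1] LOCAL SSH probe [**] "
              "{TCP} 203.0.113.5:51234 -> 192.0.2.10:22")
SSHD_LOG = ("May  1 12:00:02 host1 sshd[4242]: Failed password for invalid "
            "user admin from 203.0.113.5 port 51235 ssh2")

def parse_snort_fast(line):
    """Snort 'fast' alert line -> product-neutral event dict."""
    m = re.search(r"\[\*\*\] \[(\S+)\] (.*?) \[\*\*\] \{(\w+)\} "
                  r"([\d.]+):(\d+) -> ([\d.]+):(\d+)", line)
    if not m:
        raise ValueError("unrecognised Snort fast line")
    sid, text, _proto, src, sport, dst, dport = m.groups()
    return {"analyzer": "snort", "text": f"{text} (sid {sid})", "src": src,
            "sport": int(sport), "dst": dst, "dport": int(dport), "severity": "medium"}

def parse_sshd(line):
    """sshd syslog line -> the same neutral dict, so both sensors normalise alike."""
    m = re.search(r"Failed password for (?:invalid user )?(\S+) from ([\d.]+) port (\d+)", line)
    if not m:
        raise ValueError("unrecognised sshd line")
    user, src, sport = m.groups()
    return {"analyzer": "sshd", "text": f"Failed password for {user}", "src": src,
            "sport": int(sport), "dst": None, "dport": 22, "severity": "low"}

def node(parent, addr, port):                  # Source/Target: Node/Address + Service/port
    a = ET.SubElement(ET.SubElement(parent, q("Node")), q("Address"), category="ipv4-addr")
    ET.SubElement(a, q("address")).text = addr
    ET.SubElement(ET.SubElement(parent, q("Service")), q("port")).text = str(port)

def to_idmef(ev, created="2024-05-01T12:00:01Z"):
    """Build one RFC 4765 IDMEF-Message/Alert from a neutral event dict."""
    msg = ET.Element(q("IDMEF-Message"), version="1.0")
    alert = ET.SubElement(msg, q("Alert"))
    ET.SubElement(alert, q("Analyzer"), analyzerid=ev["analyzer"])
    ET.SubElement(alert, q("CreateTime")).text = created    # constructed timestamp
    node(ET.SubElement(alert, q("Source")), ev["src"], ev["sport"])
    if ev["dst"]:                          # host logs may not name a target address
        node(ET.SubElement(alert, q("Target")), ev["dst"], ev["dport"])
    ET.SubElement(alert, q("Classification"), text=ev["text"])
    ET.SubElement(ET.SubElement(alert, q("Assessment")), q("Impact"), severity=ev["severity"])
    return ET.tostring(msg, encoding="unicode")
```

Once both sensors' events share the neutral record, a correlation rule can match them on the common source address regardless of which product produced them.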