|
|
Welcome to the Prelude Hybrid IDS project
|
|
Prelude is an Hybrid IDS framework, that is, it is a product that enable all available security application, be it opensource or proprietary, to report to a centralized system. In order to achieve this task, Prelude relies on the IDMEF (Intrusion Detection Message Exchange Format) IETF standard, that enables different kinds of sensors to generate events using an unified language.
Prelude benefits from its ability to find traces of malicious activity from different sensors (Snort, honeyd, Nessus Vulnerability Scanner, Samhain, over 30 types of systems logs, and many others) in order to better verify an attack and in the end to perform automatic correlation between the various events.
Prelude is committed to providing an Hybrid IDS that offers the ability to unify currently available tools into one, powerful, and distributed application.
Please refer to the Documentation page for more information about the project.
|
|
 |
|
|
New prelude sensor: auditd
Posted on 2008-02-06 11:32:51
|
|
Steve Grubb from Redhat wrote the prelude plugin for auditd, the SELinux daemon which logs policies violations.
The plugin can currently detect and message: Apps that terminate abnormally (gcc stack overflow/glibc FORTIFY_SOURCE/plain old segfault), SE Linux AVCs, Logins, MAX failed login attempts reached, MAX concurrent sessions reached. This is all done in real-time and not based on a cron job. The audit daemon is capable of being run directly from init if you wanted to do it that way.
The package, installation instructions are available at: http://people.redhat.com/sgrubb/audit/.
If you run fedora core 8, you can try it easily by running:
To do testing on Fedora rawhide (which will become Fedora 9), you will need to put selinux in permissive mode, "setenforce 0".
More information available in Steve’s auditd+prelude HOWTO.
|
|
|
|
|
New prelude sensor: Ossec
Posted on 2007-10-08 11:44:10
|
|
OSSEC HIDS is a host based intrusion detection system that performs log
analysis, integrity checking, Windows registry monitoring, rootkit
detection, real-time alerting and active response.
It is now able to communicate and use all the features of the Prelude IDS
framework. You can find more informations about this in the email that I
sent on the mailing list here.
Please test and report bugs, so that the upcoming release will have a
strong and rocking prelude support.
|
|
|
|
|
IDMEF draft released as RFC 4765
Posted on 2006-11-21 12:38:19
|
The wait is over! IDMEF has been released as experimental RFC 4765. Check it out!
rfc4765
RFC 4765 - IDMEF Draft
|
|
|
|
|
Prelude on OpenBSD
Posted on 2006-06-27 15:23:24
|
|
Prelude has been imported in the OpenBSD ports tree. This long overdue addition allows to build the different parts of Prelude (libprelude, manager, etc.) from sources, and binary packages are also available, as the rest of the tree.
The port has the following layout:
 security/prelude/libprelude
security/prelude/libpreludedb
security/prelude/manager
security/prelude/lml
security/prelude/pflogger
security/prelude/prewikka
Several flavors of libpreludedb are available, for PostgreSQL, MySQL and SQLite DBMS.
The OpenBSD package system documentation is available at:
http://www.openbsd.org/faq/faq15.html
|
|
|
|
|
Prelude Correlation!
Posted on 2006-03-01 14:00:50
|
|
For about one week now, an important albeit unnoticed correlation effort have been going on. The outcome of this work (in progress, but already working and robust) is available in the Prelude SVN repository SEC module http://svn.prelude-ids.org/trunk/sec.
We are very much looking for people to contribute useful correlation rules at this stage.
More information in the mailing list post
.
|
|
|
|
|
New Prelude sensor: mwcollect
Posted on 2005-12-05 01:43:28
|
|
The Honeynet Project has just released mwcollect 3.0.1 featuring Prelude IDS support.
mwcollect is a UNIX daemon dedicated to collecting in-the-wild malware spreading using known exploits.
mwcollect
Download
|
|
|
|
|
Prelude Hybrid IDS suite 0.9.0 released
Posted on 2005-09-20 13:49:02
|
|
After several years of development, the Prelude team is pleased to announce the public release of version 0.9.0 of the Prelude Hybrid Intrusion Detection System.
|
|
|
Prelude Hybrid IDS suite 0.9.0 release announcement
|
|
New Prelude sensor: Shadow NIDS
Posted on 2005-09-06 10:34:44
|
|
Robin Gruyters has contributed a patch for Shadow to report events to the Prelude-IDS system.
Shadow is the result of a project that was originally called the Cooperative Intrusion Detection Evaluation and Response (CIDER) project. It was an effort of NSWC Dahlgren, NFR, NSA, the SANS community and other interested parties to locate, document, and improve security software.
We are looking for user feedback with the current instance of the patch, which is available at https://trac.prelude-ids.org/ticket/98. Please give your feedback on the opened ticket.
|
|
|
|
|
New Prelude sensor: Sancp
Posted on 2005-09-01 17:08:10
|
|
Frank van Vliet has contributed a patch for Sancp to report events to the Prelude-IDS system.
Sancp is a network security tool designed to collect statistical information regarding network traffic, as well as collect the traffic itself for the purpose of: auditing, historical analysis, and network activity discovery. Rules can be used to distinguish normal from abnormal traffic and support tagging connections with: rule id, node id, and status id.
We are looking for user feedback with the current instance of the patch, which is available at https://trac.prelude-ids.org/ticket/91. Please give your feedback on the opened ticket.
|
|
|
|
|
Samhain 2.0.7 available, with full Prelude support
Posted on 2005-06-13 10:32:50
|
|
Samhain 2.0.7 has just been released, including full Prelude 0.9
support, with a great number of improvement over previous Samhain
version supporting Prelude.
|
|
|
Download Samhain
|
|
Official Prelude Support Added to Snort CVS
Posted on 2005-04-29 00:00:00
|
|
Prelude support has officially been added to the Snort 2.4 branch.
By using —enable-prelude during configuration you will be able to add the ability to report alerts to Prelude.
|
|
|
Snort website
|
|
PAM 0.79 released with Prelude support
Posted on 2005-03-31 19:01:19 |
|
PAM (Pluggable Authentication Modules for Linux) 0.79, which include Prelude 0.9 support, has just been released:
Announcement.
|
|
Prelude-IDS suite 0.9.0-rc1 released.
Posted on 2005-03-30 00:00:00 |
|
After several years of development, the Prelude team is pleased to announce the public release candidate 1 of version 0.9.0 of the Prelude Hybrid Intrusion Detection System.
|
|
|
Anonymous SVN repository access protocol change
Posted on 2005-03-14 13:00:18 |
|
In order to access the Prelude repository as an anonymous user, you should now use http://svn.prelude-ids.org instead of https://svn.prelude-ids.org.
This change has been made because of problem in the way SVN request credentials.
|
|
Prelude in the News
Posted on 2003-09-25 23:04:00 |
|
Prelude’s lead developer, Yoann Vandoorselaere , was recently interviewed by O’Reilly’s Onlamp.com. Check out the article and see what Yoann had to say about the state of IDS.
|
|
Prelude June News Review
Posted on 2004-07-05 00:00:00 |
|
News and developments for the month of June for Prelude.
With the close of June development is closing in on the release of 0-9. Many bugs have been cleaned up from Trunk as well as many functionality improvements have been made.
NOTE: the numbers referenced by ’#’ are from tickets in Prelude Trac, for additional reference.)
|
|
|
Prelude July News Review
Posted on 2004-08-18 22:43:28 |
|
Many new improvements have been made over the month of July. With the most notable being the implementation of the administrative console. As well as many bug fixes and functionality improvements.
|
|
|
|
|
Commercial support
|
|
Commercial support and professional services are available from the PreludeIDS Technologies company.
|
|
|
Poll - usage
|
|
If you are running Prelude, we’d very much like to hear from you.
Please take some time to fill this form.
|
|
|
Official, acknowledged Software
|
|
|
|
|
