Prelude Components Installation¶
- Prelude SIEM Official website: Download Page
- Get the Framework Packages:
- Libprelude: The main library, used in every program using the Prelude architecture.
- Libpreludedb: The library which retrieves IDMEF information from the database.
- Prelude-Manager: The program sensors are connected to, and delivering alerts to.
- Get the Interface:
- Prewikka: The official frontend. It collects information from the database and represents it in tables and graphs.
- Get the Correlation Engine:
- Prelude Correlator: The Prelude correlation engine. It allows conducting multistream correlations thanks to a powerful programming language for writing correlation rules.
- Get the Sensors:
- Prelude-LML: A sensor to monitor logfiles using predefined rulesets.
- Auditd: The Linux Audit Daemon.
- Nepenthes: A versatile tool to collect malware.
- NuFW: An identity access management solution at the network level.
- OSSEC: An Open Source Host-based Intrusion Detection System.
- Linux-PAM: Linux Pluggable Authentication Modules.
- Samhain: A file integrity checker.
- SanCP: A network traffic statistical information collector
- Snort: The Defacto Standard Open Source IDS.
- Libprelude is required on every systems.
- Libpreludedb and prelude-manager are required on a prelude-manager system.
- Prelude-LML and other sensors have only one requirement, libprelude.
- Prewikka requires Python bindings of both Libprelude and Libpreludedb libraries.
This chapter only talks about how to install all the modules on the same machine. If you wish to seperate components over multiple hosts, remember to always install libprelude on every host.
If you want to see how to configure a sensor to report to one or several Prelude managers, please refer to the Agent Registration page of this Manual.Targeted platforms
Targeted plateforms are :
- CentOS 6 and 7, 32 and 64 bits
- Debian 7 and 8, 32 and 64 bits
But it should work on every unix ! Also, it should work on Windows.