Installing from VA

Information

Prelude SIEM is available as a Virtual Appliance, for those who want to quickly test it without having to deal with the whole installation process.

You can download it here: Prelude VA

In this VA, you will find:
  • SIEM: Prelude OSS 4.1
    • Prelude LML
    • Prelude Correlator
    • Prelude Manager
    • Prewikka
  • NIDS: Suricata
  • HIDS: OSSEC

Technical information about the VA:
  • OVF 1.0 format
  • CentOS 7, 64-bit
  • AZERTY keyboard layout by default
  • Login/password: prelude/prelude
  • The prelude user account is allowed to use sudo
  • It has been tested with VirtualBox and VMware Player

Getting started

Run the VA

First of all, download the VA from this address.

The VA is distributed in OVF format, so you need to download both the VMDK file (the disk image) and the OVF file (the appliance descriptor).

Depending on your virtualization setup, you may need to switch the virtual network adapter from NAT to bridged mode for the VA to obtain an IP address.

When the VA is running, you can access Prelude SIEM with your Web browser:

http://<your IP>

The user manual for the web interface is available here.

If you want to dig into the VA, log in with user "prelude" and password "prelude". A command-line utility for administrative tasks is available through the command "prelude-menu".

Use the VA

You can forward your logs to the VA for analysis via syslog on TCP or UDP port 514.

The Suricata NIDS runs inside the VA, so network traffic mirrored to the VA's network interface is analyzed by it. The resulting alerts are then available in Prelude SIEM's web interface.

An OSSEC server is also running. You can connect your OSSEC agents to it so that their alerts are gathered in Prelude SIEM and made available through the web interface.
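As an added example (not part of the Prelude documentation or project code), the following Python script formats a BSD-syslog (RFC 3164) record and forwards it to the VA on port 514 over either UDP or TCP. The VA address 192.0.2.10 and the sample sshd event are constructed placeholders.

```python
import socket
from datetime import datetime

# Constructed placeholder: replace with the IP address of your running VA.
VA_HOST = "192.0.2.10"
SYSLOG_PORT = 514

# RFC 3164 facility and severity codes used to compute the PRI value.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}


def build_syslog_message(facility, severity, hostname, tag, msg, ts):
    """Return a BSD-syslog line: <PRI>TIMESTAMP HOSTNAME TAG: MSG.

    PRI = facility * 8 + severity, so auth.info (4, 6) gives <38>.
    The day of month is space-padded to two characters, as RFC 3164 requires.
    """
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    timestamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}"


def send_syslog(message, host=VA_HOST, port=SYSLOG_PORT, transport="udp"):
    """Send one record to the VA over UDP or TCP port 514; returns bytes sent.

    UDP sends a single datagram; on TCP each record is terminated with '\n',
    the line framing that syslog collectors accept on a stream.
    """
    data = message.encode("utf-8")
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            return sock.sendto(data, (host, port))
    if transport == "tcp":
        with socket.create_connection((host, port), timeout=5) as sock:
            sock.sendall(data + b"\n")
            return len(data) + 1
    raise ValueError(f"unknown transport: {transport}")


if __name__ == "__main__":
    # Constructed sample event: a failed SSH login, a record type Prelude LML parses.
    line = build_syslog_message(
        "auth", "info", "webserver01", "sshd[1234]",
        "Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
        datetime.now(),
    )
    print(line)
    send_syslog(line, transport="udp")
```

After sending, the event should show up in the Prewikka interface of the VA within a few seconds; if it does not, check that port 514 is reachable from the sending host.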

Help

You can use the Prelude SIEM boards here to get support.