Project

General

Profile

Installing from VA

Information

Prelude SIEM is available as a Virtual Appliance, for those who want to quickly test it without having to deal with the whole installation process.

You can download it here: Prelude VA

In the Prelude OSS VA, you will find:

  • SIEM : Prelude OSS modules :
    • Prelude LML (Log Analyser)
    • Prelude Correlator
    • Prelude Manager
    • Prewikka (GUI)
Technical information about the VA:
  • ISO format
  • CentOS 7 64 bits
  • Linux credentials: prelude/prelude (allowed to use sudo)
  • GUI credentials: admin/admin
  • It has been tested with VirtualBox and VMware Player

Getting started

Run the VA

First of all, download the latest Prelude OSS VA from this address

Depending on your installation, you may need to change the configuration of the network device from NAT to bridged to retrieve an IP address.

When the VA is running, you can access Prelude SIEM with your Web browser:

http://<your IP>

The user manual for the web interface is available here

If you want to dig into the VA, you have to login with user "prelude" and password "prelude".

A command-line utility is available for administrative tasks using the command "admin-menu".

Use the VA

You can send your logs to the VA for analysis through TCP/UDP port 514.

The Suricata NIDS is running inside the VA so that traffic can be mirrored and analyzed by the VA's network interface. Alerts are then available inside Prelude SIEM's web interface.

An OSSEC server is also running. You can connect your OSSEC clients to gather alerts inside Prelude SIEM and make them available through the web interface.

Help !

You can use the Prelude SIEM's boards here to get support

PreludeOSS52-HTTPS-Login.PNG View (18.9 KB) Gilles LEHMANN, 07/07/2020 12:56 PM