Installing from VA¶
Prelude SIEM is available as a Virtual Appliance, for those who want to quickly test it without having to deal with the whole installation process.
You can download it here: Prelude VAIn this VA, you will find:
- SIEM : Prelude OSS 4.1
- Prelude LML
- Prelude Correlator
- Prelude Manager
- NIDS : Suricata
- HIDS : OSSEC
- OVF 1.0 format
- CentOS 7 64 bits
- azerty keyboard by default
- Login/password: prelude/prelude
- The prelude user account is allowed to use sudo
- It has been tested with VirtualBox and VMware Player
Run the VA¶
First of all, download the VA from this address
Depending on your installation, you may need to change the configuration of the network device from NAT to bridged to retrieve an IP address.
When the VA is running, you can access Prelude SIEM with your Web browser:
The user manual for the web interface is available here
If you want to dig into the VA, you have to login with user "prelude" and password "prelude". A command-line utility is available for administrative tasks using the command "prelude-menu".
Use the VA¶
You can send your logs to the VA for analysis through TCP/UDP port 514.
The Suricata NIDS is running inside the VA so that traffic can be mirrored and analyzed by the VA's network interface. Alerts are then available inside Prelude SIEM's web interface.
An OSSEC server is also running. You can connect your OSSEC clients to gather alerts inside Prelude SIEM and make them available through the web interface.
You can use the Prelude SIEM's boards here to get support