Table of Contents
- Prewikka Manual
- Core Features
- Getting Started
- Using Prewikka
Prewikka is the official Prelude User Interface. The Prewikka interface is a web GUI compatible with IE >= 9, Firefox >= 18, Chrome >= 26.
Prewikka is open source and is released under the GPLv2 license. Prewikka is developed in Python.
Prelude supports real-time visualization of data thanks to Prewikka, which automatically reloads the alert listing.
PrewikkaPro, the commercial version of Prewikka provides additional functionalities. It is available through the Prelude SIEM website.
Below are listed the Prewikka and PrewikkaPro main functionalities. More details and pictures are available on the Prelude SIEM website.
- Advanced Aggregation System
- Filter creation
- Sensor monitoring
- Alert listing automatic refresh
- Plugins architecture
PrewikkaPro functionality
PrewikkaPro is the commercial version of Prewikka.
- Permission management
- Advanced Ticket System
- Graphical Fully Interactive Statistics
- Graphical Fully Interactive Forensic
- Reporting (PCI DSS, vulnerabilities, ...)
- Ability to Create Virtual Alert "Views"
- Expert alert listing
- Alert Listing PDF Export
- Users and groups management
- Secured Authentication from LDAP server
- System command
- Graphical LML and Correlator edition
Before you begin using the Prewikka interface, ensure that you have the required software installed and configured on your system as follows:
Prewikka is compatible with:
1. A current Web browser on your computer
- Microsoft IE - www.microsoft.com/ie
- Firefox - www.mozilla.org/firefox
- Google Chrome - www.google.com/chrome
You may encounter problems if you try to access Prewikka using old Web browser versions.
Both JavaScript and cookie support must be enabled in the security settings of your browser; they are usually turned on by default. If you encounter problems accessing the system, check your browser configuration to ensure that both JavaScript support and cookie support are enabled as follows:
2. Enable JavaScript and cookie support on your Web browser
- IE: Click Tools > Internet Options > Privacy and Security tabs
- Firefox: Click Tools > Options > Privacy and Web Features tabs
3. Network access to a server that is running the Prewikka software
Your system or network administrator can provide you with a Web address (URL) from which the system can be accessed.
Prewikka is a web application and can be accessed using a Web browser. Refer to the Prelude Installation Guide for the access procedure, which depends on the HTTP server in use. The first step to access the GUI is to authenticate at the URL http://IP-of-your-Prelude/.
The default administrator credentials are the following:
- Login: admin;
- Password: admin.
- The navigation menu;
- The control menu;
- Page tabs;
- The page content.
All Prelude GUI pages will be described more precisely below.
The control menu is used to change view parameters and to apply or save configurations.
Each control menu field is explained in the following table.
| Field | Description |
|---|---|
| Filter | Allows you to select an IDMEF filter that was previously defined. The selected filter can be applied to the current view by clicking on the Apply button. Filter creation is described in the Filters tab section. |
| Refresh | Configures the refresh interval for every page where this menu is visible: enter the interval (minutes or seconds) and click on the Apply button to configure the refresh. |
| Period | Selects a period to show only information on alerts that were generated during the corresponding time interval. The time interval can be defined in minutes, hours, days, months or years. Example: if you select “n” months, data from the last “n” months will be displayed (including the current month). |
| Time information | Information about the current time interval. |
| Search | Click on the search button (the magnifying glass) to apply your configuration. |
By clicking on the search button, the new parameters are automatically saved for the current user, so that they can be retrieved when accessing the same page later.
Note: The time parameters are saved globally, so that you can browse between pages while keeping the same time period.
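The Period semantics above (the last “n” units, with the current month or year included) are easy to get wrong when filtering alert timestamps. The following is an added illustration, not Prewikka's code: the function names `period_start` and `alerts_in_period`, the calendar-aligned handling of months and years, the rolling window for minutes, hours and days, and the sample alert timestamps are all constructed assumptions.

```python
from datetime import datetime, timedelta

def _floor(dt, **fields):
    """Reset the given datetime fields (e.g. day=1) and zero the time part."""
    return dt.replace(hour=0, minute=0, second=0, microsecond=0, **fields)

def period_start(now, n, unit):
    """Start of the window covering the last n `unit`s up to `now`.

    Assumed semantics (constructed, not taken from Prewikka's source):
    minutes/hours/days form a rolling window ending at `now`; months and
    years are calendar-aligned and include the current month or year, so
    n months means the current month plus the n-1 preceding ones.
    """
    if n < 1:
        raise ValueError("n must be >= 1")
    if unit in ("minutes", "hours", "days"):
        return now - timedelta(**{unit: n})
    if unit == "months":
        # Count months since year 0 so that crossing a year boundary is safe.
        index = now.year * 12 + (now.month - 1) - (n - 1)
        return _floor(now, year=index // 12, month=index % 12 + 1, day=1)
    if unit == "years":
        return _floor(now, year=now.year - (n - 1), month=1, day=1)
    raise ValueError("unknown unit: %s" % unit)

def alerts_in_period(alerts, now, n, unit):
    """Return the (timestamp, name) pairs whose timestamp falls in the window."""
    start = period_start(now, n, unit)
    return [a for a in alerts if start <= a[0] <= now]

# Constructed sample alerts; the names are placeholders, not real Prelude data.
SAMPLE_ALERTS = [
    (datetime(2023, 12, 31, 23, 59), "old-scan"),
    (datetime(2024, 1, 2, 8, 15), "january-login-failure"),
    (datetime(2024, 3, 15, 9, 45), "recent-policy-violation"),
]

if __name__ == "__main__":
    now = datetime(2024, 3, 15, 10, 30)
    for n, unit in ((3, "months"), (4, "months"), (2, "hours")):
        matched = alerts_in_period(SAMPLE_ALERTS, now, n, unit)
        print(n, unit, "from", period_start(now, n, unit), "->", [a[1] for a in matched])
```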
At the control menu’s left, two buttons are available:
- The cog: this button corresponds to the view parameters. By clicking on it, additional view-specific options can be configured. This button is not clickable when the view has no specific option.
- The question mark: this button corresponds to the online help. By clicking on it, an external window containing the contextual help of the current page opens.
Note: The online help is also available in the menu “?” -> “Help”
The navigation menu is displayed on the upper left part of the GUI. The order in which sections are displayed can be specified in the configuration file (/etc/prewikka/menu.yml). Navigation menu sections are grouped in three entries by default (ALERT, ADMIN and “?”). Clicking on one of these menus shows the associated sections.
Setting Your Preferences
On your My Account page (click on the user on the top right side of the screen), you can view the settings.
As a user, you can edit some of these settings, such as your preferred language and your theme.
To set your language, click your User Name link located at the top right side of the page.
1. Language setting
Choose the appropriate language:
German, English, Spanish, French, Italian, Polish, Portuguese (Brazilian), Russian
For security reasons, the system automatically logs you out of the interface if you do not perform any task for one hour (default configuration).
This does not happen if the alert listing automatic refresh is activated and the refresh interval is shorter than one hour.
The ALERT menu is composed of three sections. Each section tab will be detailed below.
The Alerts section allows you to see and manage your security alerts.
There are two tabs by default:
- Displays the alerts listing. See the Detailed alert tab page
- Displays the list of alerts in an aggregated way. See the Detailed aggregated alerts tab page
In order to learn how to use the Alerts section, see the Detailed Alerts section page
The Threats section allows you to see and manage your security threats.
There are two tabs by default:
- Displays the threats listing. See the Detailed Threats tab page
- Displays the list of threats in an aggregated way. See the Detailed Threats tab page
The Agents section allows you to manage and monitor your agents.
There are three tabs by default:
- Displays the agents listing. See the Detailed Agents tab page
- Displays the heartbeats listing. See the Detailed Heartbeats tab page
- Displays the list of heartbeats in an aggregated way. See the Detailed Aggregated heartbeats tab page
The ADMIN menu groups the Prelude SIEM administration and configuration features. The ADMIN menu contains two sections:
The Configuration section allows you to manage automatic tasks.
There is one tab by default:
- Lists all tasks that can be scheduled for a periodic execution. See the Detailed Scheduling section page
In order to learn how to use the Configuration section, see the Detailed ADMIN menu page
The Preferences section allows you to manage your filters and your account.
There are two tabs by default:
My account tab
- Allows you to set your preferences and see your permissions. See the Detailed My account tab page
- Allows operators to create their own advanced filters based on alerts, heartbeats or logs.
In order to learn how to use the Preferences section, see the Detailed Filters tab page
The “?” menu gives access to the Apps and About sections.
In the Apps section, you will find the installed apps list. See the Detailed Apps section page
In the About section, you will find the version of your Prewikka software, a description of the services provided by the CS company, and the company contact details.