Prewikka Manual

Overview

Prewikka is the official Prelude User Interface. It is a web GUI compatible with IE >= 9, Firefox >= 18, Chrome >= 26.
Prewikka is open source, released under the GPLv2 license, and developed in Python.
Prelude supports real-time visualization of data through Prewikka, which provides automatic reloading of the alert listing.
PrewikkaPro, the commercial version of Prewikka, provides additional functionalities. It is available through the Prelude SIEM website.

Caution: This manual lists all Prewikka and PrewikkaPro functionalities. If you don't see all of them on your own system, either you are using Prewikka and reading about a PrewikkaPro functionality, or you don't have the necessary permissions in Prewikka to see or use it.

Core Features

The main Prewikka and PrewikkaPro functionalities are listed below. More details and pictures are available on the Prelude SIEM website.

Prewikka functionality

  • Advanced Aggregation System
  • Filter creation
  • Sensor monitoring
  • Alert listing automatic refresh
  • Plugins architecture
  • Themes

PrewikkaPro functionality

PrewikkaPro is the commercial version of Prewikka.
  • Permission management
  • Advanced Ticket System
  • Graphical Fully Interactive Statistics
  • Graphical Fully Interactive Forensic
  • Reporting (PCI DSS, vulnerabilities, ...)
  • Ability to Create Virtual Alert "Views"
  • Expert alert listing
  • Alert Listing PDF Export
  • Users and groups management
  • Secured Authentication from LDAP server
  • System command
  • Graphical LML and Correlator edition

Getting Started

Technical Requirements

Before you begin using the Prewikka interface, ensure that you have the required software installed and configured on your system as follows:

1. A current Web browser on your computer
Prewikka is compatible with IE >= 9, Firefox >= 18, Chrome >= 26.

You may encounter problems if you try to access Prewikka using older Web browser versions.

2. Enable JavaScript and cookie support on your Web browser
Both JavaScript and cookie support must be enabled in the security settings of your browser; they are usually turned on by default. If you encounter problems accessing the system, check your browser configuration to ensure both JavaScript support and cookie support are enabled as follows:
  • IE: Click Tools > Internet Options > Privacy and Security tabs
  • Firefox: Click Tools > Options > Privacy and Web Features tabs
3. Network access to a server that is running the Prewikka software
Your system or network administrator can provide you with a Web address (URL) from which the system can be accessed.

Accessing Prewikka

Prewikka is a web application and is accessed using a Web browser. Refer to the Prelude Installation Guide for the access procedure for the HTTP server in use.

The first step in accessing the GUI is to authenticate at the URL http://IP-of-your-Prelude/.
The default administrator credentials are the following:
  • Login: admin;
  • Password: admin.
Once authenticated, the dashboard general page appears. There are several sections on this interface:
  • The navigation menu;
  • The control menu;
  • Page tabs;
  • The page content.
All Prelude GUI pages will be described more precisely below.

Control menu

The control menu is used to change view parameters and to apply or save configurations.

Each control menu field is explained in the following table.

| Field | Features |
|---|---|
| Filter | Allows you to select an IDMEF filter that was previously defined. The selected filter can be applied to the current view by clicking on the Apply button. Filter creation is described in the Filters tab section. |
| Refresh | Configures the refresh interval for every page where this menu is visible: enter the interval (minutes or seconds) and click on the Apply button to configure the refresh. |
| Period | Selects a period to show only information on alerts that were generated during the corresponding time interval. The time interval can be defined by minutes, hours, days, months or years. Example: if you select “n” months, data from the last “n” months will be displayed (including the current month). |
| Time information | Information about the current time interval. |
| Search | Click the search button (a magnifying glass) to apply your configuration. |

By clicking on the search button, the new parameters are automatically saved for the current user, so that they can be retrieved when accessing the same page later.


Note: The time parameters are saved globally, so you can browse between pages while keeping the same time period.


To the left of the control menu, two buttons are available:
  • The cog: this button corresponds to the view parameters. By clicking on it, additional view-specific options can be configured. This button is not clickable when the view has no specific option.
  • The question mark: this button corresponds to the online help. By clicking on it, an external window containing the contextual help of the current page opens.

Note: The online help is also available in the menu “?” -> “Help”


Prewikka menu

The navigation menu is displayed on the upper left part of the GUI. The order in which sections are displayed can be specified in the configuration file (/etc/prewikka/menu.yml). Navigation menu sections are grouped in three entries by default (ALERT, ADMIN and “?”). Clicking on one of these menus shows the associated sections.

Setting Your Preferences

On your My Account page (click on the user on the top right side of the screen), you can view the settings.
As a user, you can edit some of these settings, such as your preferred language and your theme.

To set your language, click your User Name link located at the top right side of the page.

1. Language setting

Choose the appropriate language:

German, English, Spanish, French, Italian, Polish, Portuguese (Brazilian), Russian

Session Timeout

For security reasons, the system automatically logs you out of the interface if you don't perform any tasks for one hour (default configuration).

The session does not time out if the alert listing automatic refresh is activated and the refresh time is less than one hour.

Using Prewikka

ALERT menu

The ALERT menu is composed of three sections. Each section tab will be detailed below.

Alerts section

The Alerts section allows you to see and manage your security alerts.

There are two tabs by default:

  • Alert tab
  • Aggregated alerts

In order to learn how to use the Alerts section, see the Detailed Alerts section page.

Threats section

The Threats section allows you to see and manage your security threats.

There are two tabs by default:

  • Threats tab
  • Aggregated threats

Agents section

The Agents section allows you to manage and monitor your agents.

There are three tabs by default:

  • Agents tab
  • Heartbeats tab
  • Aggregated heartbeats

ADMIN menu

The ADMIN menu groups Prelude SIEM administration and configuration features. The ADMIN menu contains two sections:

Configuration section

The Configuration section allows you to manage automatic tasks.

There is one tab by default:

  • Scheduling tab

In order to learn how to use the Configuration section, see the Detailed ADMIN menu page.

Preferences section

The Preferences section allows you to manage your filters and your account.

There are two tabs by default:

  • My account tab
  • Filters tab: allows operators to create their own advanced filters based on alerts, heartbeats or logs.

In order to learn how to use the Preferences section, see the Detailed Filters tab page.

? menu

This menu gives access to the Apps and About sections.

Apps section

In the Apps section, you will find the list of installed apps. See the Detailed Apps section page.

About section

In the About section, you will find the version of your Prewikka software, a description of the services provided by the CS company, and the company contact details.