Prelude is divided in several components. Sensors are responsible for intrusion detection, and report alerts in a centralized fashion using a TLS connection to a 'prelude-manager' server. The prelude-manager server can then process these alerts and deliver them to an user-specified media (mysql database, postgresql database, XML file, any format provided there is a report plugin for it).
The Prelude console can then be used to view these alerts.
Here is a simple example of how the different Prelude components interact:
Architecture overview with commercial extension¶
You can do decentralized architecture with the commercial extension available from CS-SI like this :
Please check the Corporate Modules page for more information.