Prelude Components

The Prelude Universal SEM system is distributed, meaning it comprises multiple modular elements.

Prelude Manager

Prelude-Manager is a high availability server that accepts secured connections from distributed sensors and/or other Managers and saves received alerts to a media specified by the user (database, log file, mail etc.). The server schedules and establishes the priorities of treatment according to the critical character and the source of the alerts.
The Prelude Manager is a concentrator capable of handling large number of connections, and processing large amounts of alerts. It uses a per client scheduling queues in order to process alerts by severity fairly across clients.
The Prelude Manager comes with multiple plugins like filtering plugins (idmef-criteria, thresholding, etc.) or reporting plugins like the SMTP plugin which automatically sends emails containing a textual description of alerts to a configured list of recipients.

See the Prelude Manager Page to learn more about Prelude Manager Configuration.


Libprelude is a library that guarantees secure connections between all sensors and the Prelude Manager. Libprelude provides an Application Programming Interface (API) for the communication with Prelude sub-systems, it supplies the necessary functionality for generating and emitting IDMEF alerts with Prelude and automates the saving and re-transmission of data in times of temporary interruption of one of the components of the system.
Libprelude also makes it easy for third party software to be made "Prelude Aware" (able to communicate with Prelude components). This library provides common, useful features used by every sensor.


The PreludeDB Library provides an abstraction layer upon the type and the format of the database used to store IDMEF alerts. It allows developers to use the Prelude IDMEF database easily and efficiently without worrying about SQL, and to access the database independently of the type/format of the database.


Prelude-LML is a log analyser that allows Prelude to collect and analyze information from all kind of applications emitting logs or syslog messages in order to detect suspicious activities and transform them into Prelude-IDMEF alerts. Prelude-LML handles alerts generated by a large set of applications, see the Compatibility Page to learn more.

See the Prelude-LML Page to learn more about Prelude-LML Configuration.


Prelude-Correlator allows conducting multistream correlations thanks to a powerful programming language for writing correlation rules. Prelude-Correlator is a Python rules based correlation engine. It has the ability to connect and fetch alerts from a remote Prelude-Manager server, and correlate incoming alerts based on the provided ruleset. Upon successful correlation, IDMEF correlation alerts are raised.

See the Prelude-Correlator Page to learn more about Prelude-Correlator.


Prewikka is the official web Graphical User Interface (GUI) for the Prelude Universal SEM system. Providing numerous features, Prewikka facilitates the work of users and analysts. Prewikka also provides access to external tools such as whois and traceroute.

See the Prewikka Manual to learn more about Prewikka.