The Prelude Intrusion Detection System (IDS) was created in 1998 by information security expert Yoann Vandoorselaere. Prelude was born from the observation that while a growing number of Intrusion Detection Systems (Network based IDS - NIDS, File Integrity Checkers, Vulnerability scanners, etc.) were arriving on the market, there was no framework allowing them to work in concert and thereby boost security exponentially.

The project, called Prelude-IDS, boasts an ant as its mascot. Ants live in colonies, which has enabled them to develop excellent abilities in communication and cooperation. This, coupled with their warrior nature, makes ants the perfect symbol for a project to develop a security platform composed of distributed defence systems.

At this initial stage, Prelude comprised a NIDS (Prelude-NIDS) and a decentralised server. The licensing model selected for Prelude was a natural choice: open source (Gnu General Public license – GPL). Its author is already very active in the open source milieu, which corresponds to his ideals and allowed him to learn programming.

In 1999, MandrakeSoft (a company renamed to Mandriva then forked to OpenMandriva, took an interest in the project and came aboard as its sponsor. This sponsorship over a three year period accelerated development of the software, which became a hybrid IDS.
This meant Prelude was now capable of processing data from both NIDS and HIDS. Once an innovative concept, Prelude had attained the status of an innovative solution.

In order to allow different security tools on the market to interact with each other, it became necessary to create a single communication format. At the initiative of IETF and with the participation of the Prelude team, the "Intrusion Detection Message Exchange Format" (IDMEF) project was launched in 2001.

In 2004, the Switzerland-based company Dreamlab ( became a supporting partner in the project.

In 2005, the growing success of Prelude led to the founding of a new company – PreludeIDS Technologies. This enterprise made it possible to meet new demands for related services (support, development, etc.) and to spur development of the software. Dreamlab was the company's first commercial partner.

Given the major advances made on the IDMEF project, universal interoperability became the priority. The Prelude team decided to depreciate Prelude-NIDS in favor of an external NIDS: Snort.

In 2007, IDMEF was officially ratified and became the international standard in intrusion detection message exchange. Prelude became an IDS Framework.

The release of its multistream correlation engine has brought new impetus to Prelude's development in 2008, paving the way for the release of version 1.0 and marking the 10th anniversary of innovation and cooperation on the Prelude project.

Today, Prelude has become a universal Security Information Management (SIM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless". As well as being capable of recovering any type of log (system logs, syslog, flat files, etc.), Prelude benefits from a native support with a number of systems dedicated to enriching information even further (snort, samhain, ossec, auditd, etc.).

Since its creation, security engineers and specialists have enthusiastically contributed to the Prelude project in the spirit of open source. Powerful developments lie ahead in order to continue revolutionizing the world of information security.

PreludeAnt.png View (69 KB) , 09/11/2008 05:22 PM