Screenshot
Alerts

The event window is Prelude's main monitoring window. This screen tracks the arrival of security alerts in real time.
A color code makes it possible to assess the criticality of an alert visually. Before anything is displayed, the correlator performs all the aggregations needed to minimize the number of rows shown. Each column of the table provides advanced sorting capabilities, so events can be put in the order best suited to the analysis or monitoring task. It is possible to define a "reduced scope" in the event table for a given operator. You can, for example, assign only network equipment or only the London devices to a single operator.
Prelude Filter

All Prelude screens have a menu for setting the time window of event analysis.
This makes it easy to monitor events in real time and also to perform forensic operations on archived alerts.
In addition to the time window, a filter can be automatically associated with the event screens in order to restrict the analysis to a portion of the equipment fleet, a set of services or a particular type of alert.
Everything is provided to facilitate analysis work on a large volume of information.
IDMEF format

Prelude Corporate is the only SIEM to implement the IDMEF standard (RFC 4765).
Using this standard allows many open-source [N|H]IDS to communicate directly with the Prelude manager:
- Suricata
- Snort
- Ossec
- Samhain
- etc.
Statistics
Prelude Corporate offers a large number of graphical statistics and reports which can be used for rapid analysis of the security level of the whole system.
This Corporate Module gives security trends to the operators so they can better anticipate and protect assets.
Reports give different "Top ten" lists: attacks, source IP, destination IP, etc.


Ticket management
The ticket management module brings the "E" part of the SIEM to Prelude Corporate.
