Apr 28, 2004
Everyone involved in information security, and many who are not, have heard of the Snort NIDS (Network Intrusion Detection System). But not many have heard of a little jewel by the name of Prelude. Prelude is an open source framework for building distributed Hybrid Intrusion Detection Systems (HIDS). It is called 'Hybrid' because it uses network-based sensors (NIDS) but also allows host logs to be transmitted to a central 'Manager' for correlation and storage in a database (MySQL, Postgres, Oracle). Prelude has been around in one form or another since 1998, so it is mature in terms of development and is as old as the Snort project. Its modular design, and its ability to let other external applications and devices report to it, make it an excellent and extensible foundation for building custom HIDS solutions.
A myriad of terms have come about recently that apply to variations of an IDS. A newer one is SIM (Security Information Management), which applies in part to the Prelude framework, since a SIM is a centralized repository for security event information. In fact, by this definition Prelude is for the most part a SIM:
The project leader, Yoann Vandoorselaere, has also referred to Prelude as a 'Meta IDS'. But whatever term you use for it, Prelude is a great piece of Open Source security software, written with the intent of being used in large heterogeneous networks.
The link for this article located at localareasecurity.com is no longer available.