Choose your version


Prelude OSS and Prelude SIEM share the same core, built around the IDMEF format, and the two solutions are compatible with each other. Prelude OSS remains a limited version, however, and deploying it in critical environments is not recommended. It can be used on very small infrastructures, for research, for learning the IDMEF standard or the basics of correlation, and for a first evaluation of Prelude. For an evaluation, however, we recommend that you request a more complete evaluation version of Prelude SIEM.

| Versions | Prelude OSS | Prelude SIEM |
|---|---|---|
| Alerting | Simplified alerts tray | Simplified and expert alerts tray, many tools for analysis and visualization of alerts |
| Correlation | Simple correlation from Python scripts, deployment from the command line, 10 default rules | Correlation and performance from a meta-language, editing and deployment of rules via the HMI, 60 default rules |
| Selection rule | Editing via shell, regex and command line. 30 default devices | Editing and deployment of rules via the GUI. 100 default devices |
| Archiving | Archiving of alerts only | Archiving of alerts and logs in a NoSQL database, indexing and an intuitive analysis interface |
| Analysis | Filtering in the alerts tray | Graphs and navigable statistics, forensic graph, reporting, compliance management |
| Architecture | Single server | Multi-server architecture, relaying, high availability, failover |
| Rights | Single user, no authentication | Multi-user, LDAP authentication, management of rights and profiles |
| Operating system | Limited, many actions through shell and command line | Custom views, customizable dashboard, integrated ticket management, workflow and knowledge base, multiple configuration interfaces |
| Performance | Real-time processing capacity limited by a non-optimized database schema. Performance decreases as the volume of archived alerts increases | Millions of alerts possible daily. Search time up to 30 times faster than the OSS version |