Prelude NG is the first version of the R&D project supported by the Ministry of Defence and ANSSI (French Security Agency). The work of the PIA project focuses on improving the Graphical User Interface, exploitability and new features as well as the Prelude performances.
GUI and Ergonomics
Complete new GUI: GUI Prelude NG now use the latest technology for the development of applications in "rich client" (Bootstrap, Ajax, HTML5, etc.) making them modern interfaces, dynamic and responsives.
Widgets: Pelude NG relies on "widgets" technology for display windows, avoiding navigation tabs. The concentration of the operators is improved.
Tooltips: The operator now has contextual information as tooltips in operating interfaces. It is no longer necessary to change the window to access this information, which facilitates handling alerts.
New graphical visualization library: Abandon of old FusionCharts graphs in Flash for a new recent and dynamic library in HTML5 (better compatibility with newer browsers and better security). The display is more ergonomic and more fluid. In addition, several new features are available on the graphs: dynamic change of representation, dynamic aggregation portions graphs, backups opportunities lines in image format of a graph, etc.
Customizable Dashboard: With a few clicks, you can build a dashboard from the many views available. All Prelude views are available, one can thus combine statistics, but also forensic graphn, timeline and alerts tray.
Operations and Deployment
Simplified Alert board: Sleek alerts tray is available for Level 1 operators. The'advanced' board remains available for analysts and experienced operators.
Control menu: The control menu has been completely redesigned and rewritten to facilitate the work of operators. The menu is readily available and has new shortcuts for the operation. The use of latest components (calendar, time slider, etc.) reduces the entry work for operators.
New configuration selection and correlation rules interfaces: Ergonomic mechanisms have been added to create correlation rules by drag & drop. The design of correlation and selection criteria is done in WYSIWYG mode. With full configuration interfaces rearrangement of correlation rules and selection, it is no longer necessary to edit programming files to manage different rules.
Rules deployment: All these operations are done through the deployment interfaces. It is no longer necessary to edit the configuration files and access to online commands to enable the rules of correlation and selection.
Development of a new Archive Module: The Archive module (Big Data storage and indexing of logs) has been completely redesigned to improve usability and efficiency. The search interface presents a graphical view of the results and research can be built in a few clicks. An input box "expert" is available for advanced users. In addition, the Archive module GUI is compatible with external log management software.
Plugins multi-archive: To meet the needs of customers who already have a log manager, Prelude NG can integrate with leading solutions on the market. Specific plugins are available for Splunk, ELK, Graylog and ELSA.
Compliance Management PCI DSS and ISO 27002: New graphs of compliance meeting the PCI DSS and ISO 27002 are now available. They are editable in office format or directly in the web interface.
Forensic: Prelude NG offers several advanced graphics to help operators identify abnormal behavior leading to possible APTs. These charts offer new perspectives and original performances conducive to forensic analysis.
Enclosures Administration: The administration and configuration of the appliance is done today through onboard interfaces. Interfaces are available for configuring networks and systems, for maintenance and fault analysis.
Knowledge Base: Prelude NG embeds a knowledge base and procedure notes that assist operators in resolving incidents.
Monitoring housings: A new monitoring module enables the monitoring of the state of Prelude NG housing (disk space, CPU, network interfaces, ...). Exceeding certain thresholds will be subject to an alert.
New probes: A native connector IDMEF was implemented in new detection probes: Application Firewall (WAF): mod-security, anti-virus ClamAV, Spam: SpamAssassin Proxy: Squid CrawlProtect (WAF PHP )
Apps: All code operating interfaces is organized as Apps. This architecture offers fine facilities for configuration interfaces, and also gives the possibility to third parties to develop new plugins for specific needs.
IODEF Interface: Prelude NG offers a first IODEF interface. This interface allows you to create an incident IODEF format from a Prelude incident and send by email. IODEF (Object Exchange Incident Definition Format) is the standard format of a security incident resolution that meets the requirements of reporting incidents of businesses.
Enrichment default configurations:
Selection: 100 device
Correlation: 80 rules
Views: 20 new views
Search speed and alerts display in the GUI: 10 x
Improved search and selection of performance alerts based on optimization of selection queries, multiplication speed up the search for a factor x10.
Insertion speed based x2
Improved gross alerts processing performance and correlations increase in insertion speeds by a factor of x2, which raises the theoretical number of possible alerts housings at 16 million a day.