Tuesday, August 2, 2011

Prelude hybrid IDS


Prelude is divided into several components. Sensors are responsible for intrusion detection and report their events centrally, over a TLS connection, to a 'prelude-manager' server. The prelude-manager server then processes these events and delivers them to a user-specified medium (a MySQL database, a PostgreSQL database, an XML file, or any other format for which a report plugin exists).
The Prelude console can then be used to view these events.
Here is a simple example of how the different Prelude components interact:


Relaying

Relaying is a feature that allows a prelude-manager program to 'forward' the events it receives to another 'prelude-manager' program.
The following illustration shows this:

In the above example, 'Branch A' of the organization has access only to the events generated by Sensors D, E and F. The 'NOC', however, can see the events generated by its own sensors (A, B and C) as well as those generated by the organization's other branches (B, C, etc.).

Reverse relaying

On certain networks it can be difficult or troublesome to arrange network permissions so that a program can connect to a server outside a given zone (for example, a firewall might not allow DMZ machines to initiate connections outside their own network).
In this specific case, you can configure the external 'prelude-manager' program to connect to another, internal 'prelude-manager' located inside the DMZ network and to read the events emitted by it. Only the direction of the TCP connection is inverted (the external manager initiates it); the events still flow from the DMZ manager out to the external one, over the same TLS channel.
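As an added example, not taken from the original post or from the Prelude project's own files, here is how the two setups described above might be expressed in prelude-manager.conf on the two managers involved. The section and option names ([relaying] / parent-managers and [reverse-relay] / child-managers), the `||` failover separator, the hostnames and the port are assumptions to be checked against the commented default prelude-manager.conf shipped with your Prelude version:

```ini
# ===== File 1: prelude-manager.conf on the Branch A manager (ordinary relaying) =====
# Events received from Sensors D, E and F are forwarded upstream to the NOC.
# The branch manager is the one that opens the TLS connection, so the only
# firewall rule needed is "Branch A manager -> NOC manager, TCP/4690".
# Assumed option names and addresses; verify against your own prelude-manager.conf.
[relaying]
# '||' is assumed to mean failover: use the primary NOC manager, fall back to
# the secondary only if the primary is unreachable.
parent-managers = noc-manager.example.org:4690 || noc-manager-2.example.org:4690

# ===== File 2: prelude-manager.conf on the NOC (external) manager (reverse relaying) =====
# The DMZ firewall does not allow the DMZ manager to initiate connections
# outward, so the NOC manager connects *into* the DMZ and pulls the events.
# The firewall rule is now "NOC manager -> DMZ manager, TCP/4690"; nothing in
# the DMZ needs an outbound allow rule.
# Assumed option names and address; verify against your own prelude-manager.conf.
[reverse-relay]
child-managers = dmz-manager.example.org:4690
```

In both directions the manager that initiates the connection must first have been registered with the manager it connects to (prelude-admin register ... on the initiating host, with the one-shot password generated by prelude-admin registration-server on the receiving host); the permission granted differs, write permission (idmef:w) for ordinary relaying where the child pushes events, read permission (idmef:r) for reverse relaying where the external manager reads them. An unregistered peer fails the TLS handshake and no events are accepted, so a relay that silently carries nothing is usually a registration or permission problem rather than a firewall one. Check prelude-manager's log on both hosts after the first connection attempt, and keep the firewall rule restricted to the specific peer address rather than opening TCP/4690 to the whole zone.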