Sophie

prelude-0.4.2-6mdk.src.rpm

Description:

Prelude is a Hybrid Intrusion Detection System,
written entirely from scratch in C.

Prelude is divided into several parts:
* The Prelude NIDS sensor, responsible for real-time packet capture and
analysis:

- The signature engine, designed to be completely generic and evolutionary.
It is currently able to read Snort rulesets. Simply adding a parser
should make it easy to load rulesets from any NIDS.

- The protocol plugins, which can handle packets at a higher level than
Prelude itself does. For example, given a TCP packet, if a protocol plugin
detects that the packet data contains an SSH header, it decodes the SSH
header and asks the associated detection plugin to analyze the decoded header.

- A set of detection plugins whose job is to analyze the data they are
interested in (they register the protocols they are interested in at
initialization time) and eventually emit a security warning. Detection
plugins should only be used for complex intrusion detection that can't be
done using the signature engine.

* A report server, which sensors contact in order to report an alert, and
which generates user-readable reports using plugins:

- The reporting plugins, whose job is to decode the reports issued by the
detection plugins and translate them into a user-readable form (e.g. syslog
report, HTML report, etc.).
