Prewikka Manual
Overview
Prewikka is the official Prelude User Interface. The Prewikka interface is a web GUI compatible with IE >= 9, Firefox >= 18, Chrome >= 26.
Prewikka is open source and is released under the GPLv2 license. Prewikka is developed in Python.
Prelude supports real-time visualization of data thanks to Prewikka which provides automatic reloading of the alert listing.
PrewikkaPro, the commercial version of Prewikka provides additional functionalities. It is available through the Prelude SIEM website.
Caution: All Prewikka and PrewikkaPro functionalities are listed in this manual. So if you don't see all these functionalities on your own system, this is because either you use Prewikka and you are reading about a PrewikkaPro functionality, or you don't have the necessary permissions in Prewikka to see / use it.
Core Features
Below are listed the Prewikka and PrewikkaPro main functionalities. More details and pictures are available on the Prelude SIEM website.
Prewikka functionality
- Advanced Aggregation System
- Filter creation
- Sensor monitoring
- Alert listing automatic refresh
- Plugins architecture
- Themes
PrewikkaPro functionality
PrewikkaPro is the commercial version of Prewikka.
- Permission management
- Advanced Ticket System
- Graphical Fully Interactive Statistics
- Graphical Fully Interactive Forensic
- Reporting (PCI DSS, vulnerabilities, ...)
- Ability to Create Virtual Alert "Views"
- Expert alert listing
- Alert Listing PDF Export
- Users and groups management
- Secured Authentication from LDAP server
- System command
- Graphical LML and Correlator editing
Getting Started
Technical Requirements
Before you begin using the Prewikka interface, ensure that you have the required software installed and configured on your system as follows:
1. A current Web browser on your computer
Prewikka is compatible with:
- Microsoft IE - www.microsoft.com/ie
- Firefox - www.mozilla.org/firefox
- Google Chrome - www.google.com/chrome
You may encounter problems if you try to access Prewikka using old Web browser versions.
2. Enable JavaScript and cookie support in your Web browser
Both JavaScript and cookie support must be enabled in the security settings of your browser; they are usually turned on by default. If you encounter problems accessing the system, check your browser configuration to ensure that both JavaScript support and cookie support are enabled, as follows:
- IE: Click Tools > Internet Options > Privacy and Security tabs
- Firefox: Click Tools > Options > Privacy and Web Features tabs
3. Network access to a server that is running the Prewikka software
Your system or network administrator can provide you with a Web address (URL) from which the system can be accessed.
Accessing Prewikka
Prewikka is a web application and can be accessed using a Web browser. Refer to the Prelude Installation Guide for the access procedure according to the used HTTP server.
The first step to access the GUI is to authenticate at the URL http://IP-of-your-Prelude/. The default administrator credentials are the following:
- Login: admin;
- Password: admin.
Once logged in, the interface is made up of four areas:
- The navigation menu;
- The control menu;
- Page tabs;
- The page content.
All Prelude GUI pages will be described more precisely below.
Control menu
The control menu is used to change view parameters and to apply or save configurations.
Each control menu field is explained in the following table.
Field | Features |
---|---|
Filter | Allows you to select an IDMEF filter that was previously defined. The selected filter can be applied to the current view by clicking on the Apply button. Filter creation is described in Filters tab section. |
Refresh | Configures the refresh interval for every page on which this menu is visible: enter the interval (minutes or seconds) and click on the Apply button to configure the refresh. |
Period | Selects a period to show only information on alerts that were generated during the corresponding time interval. The time interval can be defined by minutes, hours, days, months or years. Example: if you select “n” months, data from the last “n” months will be displayed (including the current month). |
Time information | Information about the current time interval. |
Search | You can click on the search button representing a magnifying glass to apply your configuration. |
By clicking on the search button, the new parameters are automatically saved for the current user, so that they can be retrieved when accessing the same page later.
Note: The time parameters are saved globally, so that you can browse between pages while keeping the same time period.
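The Period field's semantics ("n months" means the last n months including the current month) involve calendar arithmetic that is easy to get wrong at year boundaries. The following added example, which is not Prewikka code, shows one way to compute the interval and to filter a constructed alert list against it. The function names, the unit labels, the rolling-window semantics for minutes and hours, and the extension of the calendar-aligned rule to days and years are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from a real Prelude instance).
SAMPLE_NOW = datetime(2024, 3, 15, 12, 34)
SAMPLE_ALERTS = [
    {"classification": "SSH brute force", "time": datetime(2024, 3, 15, 12, 0)},
    {"classification": "Port scan", "time": datetime(2024, 1, 1, 0, 0)},
    {"classification": "Web attack", "time": datetime(2023, 12, 31, 23, 59)},
    {"classification": "Malware", "time": datetime(2024, 3, 15, 12, 10)},
]


def period_interval(n, unit, now):
    """Return (start, end) for the last `n` units ending at `now`.

    minutes/hours: rolling window ending at `now` (assumed semantics).
    days/months/years: calendar-aligned and including the current unit,
    as the manual describes for months (assumed for days and years).
    """
    if n < 1:
        raise ValueError("n must be >= 1")
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "minutes":
        return now - timedelta(minutes=n), now
    if unit == "hours":
        return now - timedelta(hours=n), now
    if unit == "days":
        return midnight - timedelta(days=n - 1), now
    if unit == "months":
        # Count months since year 0 so that walking back n-1 months wraps
        # correctly across a year boundary (e.g. March, n=4 -> December).
        idx = now.year * 12 + (now.month - 1) - (n - 1)
        return midnight.replace(year=idx // 12, month=idx % 12 + 1, day=1), now
    if unit == "years":
        return midnight.replace(year=now.year - (n - 1), month=1, day=1), now
    raise ValueError("unknown unit: %r" % unit)


def alerts_in_period(alerts, n, unit, now):
    """Return the classifications of alerts falling inside the selected period."""
    start, end = period_interval(n, unit, now)
    return [a["classification"] for a in alerts if start <= a["time"] <= end]


if __name__ == "__main__":
    for n, unit in [(3, "months"), (30, "minutes"), (1, "days"), (1, "years")]:
        start, end = period_interval(n, unit, SAMPLE_NOW)
        print("last %d %s: %s .. %s -> %s" % (
            n, unit, start, end, alerts_in_period(SAMPLE_ALERTS, n, unit, SAMPLE_NOW)))
```

With the constructed data, "3 months" starts at 2024-01-01 00:00 and therefore keeps the "Port scan" alert stamped exactly at that instant while dropping the "Web attack" alert from one minute earlier; "30 minutes" keeps only the alert generated after 12:04.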
At the control menu’s left, two buttons are available:
- The cog: this button corresponds to the view parameters. By clicking on it, additional view-specific options can be configured. This button is not clickable when the view has no specific option.
- The question mark: this button corresponds to the online help. By clicking on it, an external window containing the contextual help of the current page opens.
Note: The online help is also available in the menu “?” -> “Help”
Prewikka menu
The navigation menu is displayed on the upper left part of the GUI. The order in which sections are displayed can be specified in the configuration file (/etc/prewikka/menu.yml). Navigation menu sections are grouped in three entries by default (ALERT, ADMIN and “?”). Clicking on one of these menus shows the associated sections.
Setting Your Preferences
On your My Account page (click on the user name on the top right side of the screen), you can view your settings.
As a user, you can edit some of these settings, such as your preferred language and your theme.
To set your language, click your User Name link located at the top right side of the page.
1. Language setting
Choose the appropriate language:
German, English, Spanish, French, Italian, Polish, Portuguese (Brazilian), Russian
Session Timeout
For security reasons, the system automatically logs you out of the interface if you don't perform any task for one hour (default configuration).
This doesn't happen if the alert listing automatic refresh is activated and the refresh interval is less than one hour.
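The interaction between the idle timeout and the automatic refresh is worth modelling, because a refresh interval shorter than the timeout keeps a session alive indefinitely on an unattended screen. The following added example is not Prewikka code: it simulates the behaviour described above with a small session model. The `Session` and `simulate` names are assumptions, and the optional `max_lifetime` (an absolute session lifetime that an automatic refresh cannot extend) is a complementary control added here for illustration, not a feature the manual describes.

```python
IDLE_TIMEOUT = 3600  # manual's default: logged out after one hour of inactivity


class Session:
    """Minimal model of a web session with an idle timeout (assumed design)."""

    def __init__(self, created_at, idle_timeout=IDLE_TIMEOUT, max_lifetime=None):
        self.created_at = created_at
        self.last_activity = created_at
        self.idle_timeout = idle_timeout
        # Assumed extra control: absolute lifetime in seconds, or None for no limit.
        self.max_lifetime = max_lifetime

    def touch(self, now):
        """Any request, including an automatic page refresh, resets the idle timer."""
        self.last_activity = now

    def expired(self, now):
        if now - self.last_activity >= self.idle_timeout:
            return True
        if self.max_lifetime is not None and now - self.created_at >= self.max_lifetime:
            return True
        return False


def simulate(refresh_interval, duration, idle_timeout=IDLE_TIMEOUT, max_lifetime=None):
    """Return the second at which the session expires, or None if it survives `duration`.

    `refresh_interval` is the automatic refresh period in seconds, or None when
    the user is idle and no refresh is configured. Time advances one second
    per step; expiry is checked before the refresh request of the same second
    is processed.
    """
    session = Session(0, idle_timeout, max_lifetime)
    next_refresh = refresh_interval
    t = 0
    while t < duration:
        t += 1
        if session.expired(t):
            return t
        if next_refresh is not None and t == next_refresh:
            session.touch(t)
            next_refresh += refresh_interval
    return None


if __name__ == "__main__":
    print("idle, no refresh:        ", simulate(None, 7200))
    print("refresh every 5 min:     ", simulate(300, 7200))
    print("refresh every 60 min:    ", simulate(3600, 7200))
    print("5 min refresh + 8h limit:", simulate(300, 36000, max_lifetime=28800))
```

The third case shows why the manual says "less than one hour": a refresh that arrives exactly at the one-hour mark finds the session already expired. The fourth case shows the effect of an absolute lifetime on a screen left unattended with a short refresh interval.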
Using Prewikka
ALERT menu
The ALERT menu is composed of three sections. Each section tab will be detailed below.
Alerts section
The Alerts section allows you to see and manage your security alerts.
There are two tabs by default:
Alert tab
- Displays the alerts listing. See the Detailed alert tab page
Aggregated alerts
- Displays the list of alerts in an aggregated way. See the Detailed aggregated alerts tab page
In order to learn how to use the Alerts section, see the Detailed Alerts section page
Threats section
The Threats section allows you to see and manage your security threats.
There are two tabs by default:
Threats tab
- Displays the threats listing. See the Detailed Threats tab page
Aggregated threats
- Displays the list of threats in an aggregated way. See the Detailed Threats tab page
Agents section
The Agents section allows you to manage and monitor your agents.
There are three tabs by default:
Agents tab
- Displays the agents listing. See the Detailed Agents tab page
Heartbeats tab
- Displays the heartbeats listing. See the Detailed Heartbeats tab page
Aggregated heartbeats
- Displays the list of heartbeats in an aggregated way. See the Detailed Aggregated heartbeats tab page
ADMIN menu
The ADMIN menu groups the Prelude SIEM administration and configuration features. The ADMIN menu contains two sections:
Configuration section
The Configuration section allows you to manage automatic tasks.
There is one tab by default:
Scheduling tab
- Lists all tasks that can be scheduled for a periodic execution. See the Detailed Scheduling section page
In order to learn how to use the Configuration section, see the Detailed ADMIN menu page
Preferences section
The Preferences section allows you to manage your filters and your account.
There are two tabs by default:
My account tab
- Allows you to set your preferences and see your permissions. See the Detailed My account tab page
Filters tab
- Allows operators to create their own advanced filters based on alerts, heartbeats or logs.
In order to learn how to use the Preferences section, see the Detailed Filters tab page
? menu
This menu gives access to Apps and About sections.
Apps section
In the Apps section, you will find the installed apps list. See the Detailed Apps section page
About section
In the About section, you will find the version of your Prewikka software, a description of the services provided by the CS company, and the company contact details.