A web dashboard for Prelude IDS. Browse, filter, and analyze security alerts through a modern interface instead of Prelude's default tooling.
Prebetter connects directly to Prelude's MySQL database and gives you a web UI on top of it. You get alert filtering, timeline stats, heartbeat monitoring, CSV export, and user management with role-based access.
Prelude IDS is an open-source intrusion detection system. Its default interfaces are... not great. This project exists because we needed something better.
┌─────────────┐ ┌──────────────┐ ┌─────────────────┐
│ Browser │────▶│ Frontend │────▶│ Backend API │
│ │ │ (Nuxt 4) │ │ (FastAPI) │
└─────────────┘ └──────────────┘ └────────┬────────┘
│
┌───────┴─────────┐
│ │
┌─────▼──────┐ ┌──────▼───────┐
│ Prelude DB │ │ Prebetter DB │
│ (read-only │ │ (users) │
└────────────┘ └──────────────┘
The frontend is a Nuxt 4 / Vue 3 SPA (shadcn-vue, Tailwind CSS, dark/light mode). The backend is a FastAPI REST API with JWT auth. Two MySQL databases: Prelude's existing one (read-only) and a separate one for user management.
- Python 3.13+
- Node.js 20+
- MySQL 5.7+
- uv (Python package manager)
- Bun (JavaScript package manager)
-
Clone the repository:
git clone https://github.com/LeonKohli/prebetter.git cd prebetter -
Set up the backend:
cd backend uv sync cp .env.example .env # Edit .env with your database credentials fastapi dev
-
Set up the frontend:
cd frontend bun install bun run dev -
Access the application:
- Frontend: http://localhost:3000
- Backend API: http://localhost:8000
- API Documentation: http://localhost:8000/api/v1/docs
- Alert browsing with filtering by severity, classification, IP, date range
- Alert grouping by source/target IP pairs
- Heartbeat monitoring (which agents are alive, which dropped off)
- Timeline and summary statistics
- CSV export
- JWT auth with superuser/regular user roles
- Dark/light mode
| Layer | Technology |
|---|---|
| Frontend | Nuxt 4, Vue 3, TypeScript, Tailwind CSS v4, shadcn-vue |
| Backend | FastAPI, SQLAlchemy, Pydantic, PyJWT |
| Database | MySQL 5.7+ (Prelude DB + user management DB) |
| Package Managers | uv (Python), Bun (JS) |
- Backend README — API endpoints, database schema, setup details
- Frontend README — component structure, auth flow, styling
- API docs — interactive Swagger UI (when running)
Prelude IDS does its job well, but the existing tools for actually looking at the data it collects haven't kept up. We needed a way to quickly browse alerts, see what's happening across our network, and not fight the UI while doing it. So we built one.
- Fork the repository
- Create a feature branch from
dev - Test thoroughly
- Submit a pull request