Detect 1.3.0 was released on June 27, 2023

Prelude is excited to bring you the next version of Detect. This release includes the following improvements:

Probe Coverage

Host Management

  • Users can now apply custom tags to Hosts in the Detect UI.
  • Administrators can now delete probes from the UI.

Test Scheduling

  • Detect now supports automatic scheduling for security tests. Simply go to the Schedule page and enable Autopilot. Autopilot will automatically run every new advisory for 3 days across all your endpoints.
  • Administrators can now bulk edit test schedules in Detect's Schedule UI.
  • Tests can now be scheduled to run on a specific day of the week or on the first of the month.

Advisories and Tests

  • Prelude now displays all recent CISA advisories at the top of the Platform UI, along with contextual information about whether your defenses are protecting you against it or not. You can sort by date or performance.
  • Detect also now presents Advisory detail pages overlaid with information from your environment available by clicking "Read advisory" from Detect's main page.
  • There is a new test detail panel which displays README info for every test.
  • Tests are now mappable to ATT&CK techniques. This can be done over the CLI.
  • We’ve added 2 new exit codes for Tests to leverage:
    • 108: The test is not relevant to the endpoint operating system
    • 109: The test is relevant to the endpoint but no exploit was attempted
  • The following new security tests were added to Detect:
    • CVE-2023-21839
    • CVE-2021-45046
    • CVE-2023-1389
    • Secure Device
    • Volt Typhoon Trojan
    • Snake Trojan
    • BianLian Ransomware
    • CVE-2023-27350
    • CVE-2023-34362
    • 2023 CISA LockBit Ransomware Overview
    • CVE-2019-18935
    • Telerik Trojan


  • Users deploying Probes via Crowdstrike can now redeploy Probes to managed hosts.
  • Detect provides deep links from the host panel to your EDR.
  • We now report SHA256 hashes to your EDR (Crowdsrike or Microsoft Defender) on all unprotected test results.
  • When initially configuring an integration, Detect will now validate connection and authentication details.


  • Detect now hosts a status page. Visit https://platform.preludesecurity.com/status to verify the Prelude Detect service is healthy.
  • Endpoint create and update are now separate API routes, instead of one
  • Test create and update are now separate API routes, instead of one
  • All tags are now lowercase; tags are now forced to lowercase when submitted.
  • Detect will now prevent tests from being deleted if the test is scheduled.
  • Prelude will now purge account information for accounts that have been inactive for 45 days and have less than 100 lifetime test results.
  • The API previously limited the number of tests to 5 tests run per 3 minutes. This limit has been removed.