Alert Suppression

Configuration of alert suppression for defensive integrations

Prelude Detect verified security tests (VSTs) are designed to trigger a response from installed detection and response tools. Alert Suppression allows administrators to automatically comment and close any Prelude related detections. There are a number of ways to accomplish this based on the tools in use, below is a generic list of file and command line paths that will identify and exclude a Prelude VST.


  • File Path: \*Program Files\Prelude Security\Prelude Probe\*
  • CommandLine: \*Program Files\Prelude Security\Prelude Probe\*
  • Grandparent Process CommandLine: \*Program Files\Prelude Security\Prelude Probe\*
  • CommandLine: *PRELUDE_CA*
  • Parent Process CommandLine: *PRELUDE_CA*
  • Grandparent Process CommandLine: *PRELUDE_CA*


  • Parent Process username: preludesecurity
  • Grandparent Process username: preludesecurity
  • Grandparent Process file path: */preludesecurity/*
  • Parent process file path : */preludesecurity/*


  • Username: _preludesecurity
  • Grandparent Process File Path: */preludesecurity/*
  • Parent Process File Path: */preludesecurity/*

What’s Next

Find the specific steps for our supported Integration Partners (SentinelOne, Crowdstrike, Microsoft Defender).