Defensive integrations

Attach your controls to your Prelude Account for enhanced visibility

A defensive control, such as an EDR, sits on an endpoint and either actively defends the host or passively monitors all activity. A control is ultimately there to protect the host and provide observability into what is happening.

There are two types of integrations that can be attached to a Prelude Account: EDR and SIEM.

EDR

Attach an EDR control to your Prelude Account to send all missed detections to your vendor in real time. Every time a Verified Security Test (VST) should have been caught but wasn't, the event is sent to your vendor for analysis. By running Detect continuously, you can validate whether a fix is deployed within a reasonable time period.

SIEM

Attach a SIEM to your Prelude Account to forward test events, in real time, to a specified location. Every time a VST runs, whether it succeeds or fails, the event is sent to your SIEM. Each event includes the timestamp, the test that was run, and the specific response status. Events also include your Detect account ID, which you can use to separate test events from real ones.
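
One way to apply the account-ID filter described above on the SIEM side, as an added example that is not Prelude's code. The field names (`account_id`, `test`, `host`, `status`), the status values and the account ID are assumptions, and the feed is constructed sample data; anything that cannot be matched to your account stays in the real-alert queue.

```python
import json
from datetime import datetime

ACCOUNT_ID = "detect-account-placeholder"  # placeholder, not a real account ID

# Constructed sample feed. Field names and status values are assumptions,
# not Prelude's event schema.
SAMPLE_FEED = [
    '{"timestamp": "2024-05-01T10:00:00Z", "account_id": "detect-account-placeholder", "test": "vst-alpha", "host": "ws-01", "status": "unprotected"}',
    '{"timestamp": "2024-05-01T10:05:00Z", "rule": "suspicious-child-process", "host": "ws-02"}',
    '{"timestamp": "2024-05-02T10:00:00Z", "account_id": "detect-account-placeholder", "test": "vst-alpha", "host": "ws-01", "status": "protected"}',
    '{"timestamp": "2024-05-02T10:01:00Z", "account_id": "some-other-account", "test": "vst-alpha", "host": "ws-03", "status": "protected"}',
    'not json at all',
]


def parse_ts(value):
    # Accept a trailing "Z" on Python versions where fromisoformat rejects it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def split_feed(lines, account_id):
    """Return (test_events, real_events); only events tagged with our ID are tests."""
    tests, real = [], []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            real.append({"raw": line})  # fail closed: unparsable lines still get triaged
            continue
        if isinstance(event, dict) and event.get("account_id") == account_id:
            tests.append(event)
        else:
            real.append(event)  # missing or foreign account ID is never suppressed
    return tests, real


def latest_status(test_events):
    """Map (host, test) to its most recent status, to see whether a gap was closed."""
    latest = {}
    for ev in sorted(test_events, key=lambda e: parse_ts(e["timestamp"])):
        latest[(ev["host"], ev["test"])] = ev["status"]
    return latest


if __name__ == "__main__":
    tests, real = split_feed(SAMPLE_FEED, ACCOUNT_ID)
    print(len(tests), "test events,", len(real), "events left for triage")
    print(latest_status(tests))
```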