Ephemeral Probes
Ephemeral probes are lightweight processes with the smallest footprint possible. They are designed to run without dependencies on any modern version of Windows, Linux or MacOS and do not persist across reboots.
Generating a Token
Before running the platform specific commands listed below, you'll need to generate a Probe token using the Prelude CLI. (The registration and install string generated via the web UI cannot be used; it's a reusable string and not a host-specific Probe token.)
If you created your account using the web UI, export your credentials (user menu > My profile > Export Credentials) and save the keychain.ini file to ~/.prelude/ so that when you run the Prelude CLI to generate the Probe token, the token will be linked to the account in use via the web UI.
Use the "prelude detect create-endpoint" command to generate a unique token for each instance of the ephemeral probe you intend to run. SERIAL_NUM is intended to be a serial number but can be any unique string associated with the target machine.
Example
prelude detect create-endpoint -h %HOSTNAME% -s %SERIAL_NUM% -t "Tag1,Tag2"
Available parameters for the create endpoint function
Options:
-h, --host TEXT hostname of this machine [required]
-s, --serial_num TEXT serial number of this machine [required]
-t, --tags TEXT a comma-separated list of tags for this endpoint
--help Show this message and exit.
Windows
Open-source Raindrop
Run the following commands in Powershell as Administrator. Replace with the token value you generated via the Prelude CLI as mentioned above. These commands will: download the script, set the PRELUDE_TOKEN environment variable, and start the script:
Invoke-WebRequest -UseBasicParsing -URI "https://api.preludesecurity.com/download/raindrop" -Headers @{"dos"="windows-x86_64"} -OutFile probe.ps1
SETX PRELUDE_TOKEN <TOKEN> /M
.\probe.ps1
MacOS
Open-source Nocturnal
To download the ephemeral probe and run it (replace with the token created in "Generating a Token" section on this page:
curl -sL "https://api.preludesecurity.com/download/nocturnal" -H "dos:darwin-arm64" > probe
export PRELUDE_TOKEN=<TOKEN>
chmod +x probe
./probe
Linux
Open-source Nocturnal
To download the ephemeral probe and run it (replace with the token created in "Generating a Token" section on this page:
curl -sL "https://api.preludesecurity.com/download/nocturnal" -H "dos:darwin-arm64" > probe
export PRELUDE_TOKEN=<TOKEN>
chmod +x probe
./probe
Updated 9 months ago