Interactive mode

Use the CLI in a workflow designed for purple teams

The Prelude CLI can be run in a fully interactive mode through the command: prelude --interactive.

Use ESC to go backwards in the menu and "/" to filter any list printed on the screen.


Home view of the interactive mode

Interactive mode wraps around the Prelude SDK, an open-source library that talks to the Prelude API. The mode is designed to provide a seamless workflow for purple teamers conducting continuous security testing.

There are 6 options available:

  • Deploy probes
  • Schedule tests
  • View results
  • Developer hub
  • Manage account
  • Open executive dashboard

Deploy probes

An endpoint probe is a 1 kilobyte process that knows how to run Verified Security Tests.

From the CLI, you can register a new probe and download an executable file - the physical probe - which can then be copied to any computer and run. A probe can optionally be tagged by the type of computer and the sensitivity of the machine it is intended to run on. Tags are useful when scheduling tests or filtering results.

The probes menu also allows you to view the results from any probe and delete ones you no longer want.

Schedule tests

A Verified Security Test (VST) can be scheduled to run against any subset of probes in your fleet. Inside this section, you will find the ability to manage schedules.

View results

Results can be viewed in a few different ways. First, you can view individual probe results in the Deploy probes section of the CLI. Second, you can enter the View results section and analyze your results through one of the following views:

  • Days: see how many probes ran a test per day, and how many returned an UNPROTECTED state
  • Rules: for each rule, see how many probes ran a test under it and how many returned an UNPROTECTED state
  • Insights: see a priority-ordered list of your most vulnerable operating system / test combinations
  • Recommendations: the internal Prelude team writes security recommendations for licensed users, which you can view here.

Developer hub

The Developer hub is where all custom test creation occurs. Create new tests, upload them to cloud storage and manage your existing custom security tests in this section. Use the Visual Studio integration for a more powerful editing experience.

Manage account

Prelude accounts can have multiple users associated with them. When an account is first created, an administrator with full authority is provisioned. There are several other permission types outlined in the Prelude account documentation.

In the CLI, you can add or remove users of any permission, as well as attach or detach defensive integrations, such as CrowdStrike.

Executive dashboard

Interactive mode offers a lightweight management portal for all things Detect. However, some things are better served through visualization. The executive dashboard, an immersive experience to make decisions based on your data, can be entered through the CLI, opening in the default browser.

The dashboard displays your results through a time series, filterable through a set of properties, such as operating system and (endpoint) tag. The dashboard aggregates your results and provides computer-generated insights to help identify where the largest gaps in the defense may be.


A view from the executive dashboard