Deploying probes

Low-resource, temp processes to enable security testing

Suggest Edits

A probe is a temporary process that requires no special privileges and no installation to run. A probe can just be started. Probes are designed to be very lightweight - measuring between 1-50KB on disk - and to run anywhere you have code. As such, probes can deploy out on devices ranging from laptops to servers to cloud environments and OT infrastructure.

All Prelude probes are open-source.

Authentication

Probes require an environment variable, PRELUDE_TOKEN, to be set before they are started. This variable is the unique identifier for the endpoint it's running on and allows the Prelude Service to identify your ownership. This token can be generated through the create-endpoint CLI command.

This token is not a secret: it is used for identification purposes only. If someone were to steal this token, they would be capable of running the security tests you schedule for it but nothing else.

Deployment

Probes can be deployed one of two ways:

  • Ephemeral: export the PRELUDE_TOKEN environment variable and start any probe executable on any host.
  • Persistent: run one of the provided installers to install the probe as a service on any host.

Updated 12 days ago