Deploying probes

Low-resource, temporary processes that enable security testing

A probe is a temporary process that requires no special privileges and no installation to run: it can simply be started. Probes are designed to be very lightweight, measuring between 1 and 50 KB on disk, and to run anywhere you have code. As such, probes can be deployed on devices ranging from laptops to servers to cloud environments and OT infrastructure.

All Prelude probes are open-source.


Probes require an environment variable, PRELUDE_TOKEN, to be set before they are started. This variable is the unique identifier for the endpoint the probe is running on and allows the Prelude Service to identify you as its owner. This token can be generated through the create-endpoint CLI command.

This token is not a secret: it is used for identification purposes only. If someone were to steal this token, they would be capable of running the security tests you schedule for it but nothing else.


Probes can be deployed in one of two ways:

  • Ephemeral: export the PRELUDE_TOKEN environment variable and start any probe executable on any host.
  • Persistent: run one of the provided installers to install the probe as a service on any host.
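
The ephemeral path can be wrapped in a preflight check built from the properties described above (token required, no privileges needed, 1-50KB on disk). This is an added example, not Prelude's own code: the function names probe_preflight and start_ephemeral_probe, the return codes and the byte bounds are assumptions, and the probe path is whatever executable you pass in.

```shell
#!/bin/sh
# Added example: preflight checks before starting an ephemeral probe.
# Size bounds follow the page's 1-50KB figure (1 KB = 1024 bytes is assumed).
PROBE_MIN_BYTES=1024
PROBE_MAX_BYTES=51200

# probe_preflight PATH -> 0 ok, 2 token missing, 3 not executable, 4 bad size
probe_preflight() {
    probe_path=$1
    if [ -z "${PRELUDE_TOKEN:-}" ]; then
        echo "preflight: PRELUDE_TOKEN is not set" >&2
        return 2
    fi
    if [ ! -f "$probe_path" ] || [ ! -x "$probe_path" ]; then
        echo "preflight: $probe_path is not an executable file" >&2
        return 3
    fi
    size=$(wc -c < "$probe_path" | tr -d ' ')
    if [ "$size" -lt "$PROBE_MIN_BYTES" ] || [ "$size" -gt "$PROBE_MAX_BYTES" ]; then
        echo "preflight: $probe_path is $size bytes, outside the expected range" >&2
        return 4
    fi
    # Probes need no special privileges, so root only widens exposure: warn, do not fail.
    if [ "$(id -u)" -eq 0 ]; then
        echo "preflight: warning: a probe does not need to run as root" >&2
    fi
    return 0
}

# start_ephemeral_probe TOKEN PATH
# The subshell keeps the exported token out of the calling shell's environment.
start_ephemeral_probe() {
    (
        PRELUDE_TOKEN=$1
        export PRELUDE_TOKEN
        probe_preflight "$2" || exit $?
        exec "$2"
    )
}
```

A file that fails the size check is not necessarily hostile, but it is not shaped like the probes this page describes and is worth inspecting before it runs.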