Prelude Operator
Prelude Operator can be automatically configured and deployed with a Splunk Attack Range allowing a user to easily launch attacks via operator on a running range using the pre-installed Penuma agents. See the general architecture below:
A few things to note from this architecture:
- A headless operator is installed on the Splunk server, this means a user needs: ** A Operator installed locally to connect and manage it ** Or talk through it via the API
- Pneuma is installed and supported on the Windows (server and domain controller) and Linux machines only today
- Pneuma connects back to the Headless Operator via TCP port
When an Splunk Attack Range is configured it will need to know the auto generated accountEmail to connect to. This can be obtained via the Prelude Operator client via clicking on Connect -> Deploy Manual Redirectors, see screenshot below for an example.
