Plugins

Plugins are a powerful way to extend Operator to meet your unique needs. Prelude has developed a series of plugins that we support and develop. Feel free to privately add your own, or develop for the community!

Editor

Manage, edit and design your TTPs. Access your Community & Professional TTPs.

Community

Cloud

Deploy redirectors and test ranges, as well as connect to your SIEM to "close the loop". Automatically publish compromised "attack ranges" with Elastic or Splunk.

Community

Theme Change

Change between light and dark mode or apply a custom theme to the homepage.

Community

Agent Library

Agents are the lifeblood of Operator. Start an agent on any computer to connect it to Operator, allowing you to run security assessments against the machine. Make sure you have permission from the computer owner beforehand. ThirdEye is built into Operator and requires no download. Download others using this plugin.

Community

Azure Initial Access

Use Operator to get initial access on your Azure-deployed resources. This will allow you to deploy Pneuma (or PneumaEX for professional license holders) onto virtual machines running in Resource Groups on Microsoft Azure.

Community

Navigator

This plugin acts as a connector to MITRE's ATT&CK Navigator. The principal feature of the Navigator is the ability for users to define layers - custom views of the ATT&CK knowledge base - e.g. showing just those techniques for a particular platform or highlighting techniques a specific adversary has been known to use. Layers can be created interactively within the Navigator or generated programmatically and then visualized via the Navigator.

Community

Atomic Red Team

Atomic Red Team (ART) contains hundreds of TTPs which can be used to validate the defenses on a system or within a network. This plugin allows you to import these attacks into Operator and manage them as native TTPs. Importing them is a one-time action. Afterward, you can attach them to adversaries or work with them inside the Editor section, as if they were built-in Operator TTPs.

Community

Toolbox

Your toolbox contains all the utilities you use on a regular basis. Operator will keep these tools updated, so there is no need to manually pull the latest code. Just enter the address of any tool you want to track and Operator will clone it into your toolbox and keep it updated.

Community

Reporting

Easily visualize your attack chains and see what succeeded (and what didn't). Export those results to a format that works for you: .json, .xlsx or a pre-formatted red-team report in Word.

Professional

Switchboard

Atomic Red Team (ART) contains hundreds of TTPs which can be used to validate the defenses on a system or within a network. This plugin allows you to import these attacks into Operator and manage them as native TTPs. Importing them is a one-time action. Afterward, you can attach them to adversaries or work with them inside the Editor section, as if they were built-in Operator TTPs.

Professional

Publisher

You can connect a variety of publishers to forward your attack results to external sources. You may do this to aggregate your log data in a SIEM or notify analysts in a messaging app of an ongoing red team engagement. Enable and disable configured publishers in the Emulate section when deploying adversaries.

Professional

SIEM

Integrate Operator attack data into your SIEM and test the efficacy of your defenses.

Enterprise

Emulate

Adversary Emulation

Mimic known threats to your organization by combining threat intelligence and continuous red teaming to emulate attacks.

Train

Defensive Training

Train yourself or your organization on real-world attacks using the first training platform integrated directly into an attack emulation platform. Perform attacks and learn how to stop them.

Desktop

Desktop Application

Prelude takes care of the complexity behind the scenes and delivers Operator as the first desktop application in autonomous red-teaming. Simple design and free to use, download it here.

Continuous

Continuously Updating

New TTPs and training content are added every week (and sometimes daily). Stay up-to-date, automatically. Threat intelligence, adversary creation, TTPs and training content are all updated within the desktop app.