Prelude SCM is designed to collect inventory from multiple tools/controls in order to create a truly complete device inventory. Prelude SCM supports the following device control categories:
- Discovered Devices
- EDR
- Endpoint Management
- Vulnerability Management
Discovered devices collects data from a variety of systems including:
- ServiceNOW CMDB
- Microsoft Defender Discovery
- Amazon EC2
- Microsoft Azure VMs (coming soon)
Unlike other control categories, device discovery does not have any associated policies, it is a simple inventory source that adds to the SCM device inventory table. Currently, each device control category focuses on Windows, Linux and macOS operating systems. Support for mobile and other devices is planned later in 2025.
What devices are imported into Prelude SCM from each integration:
- ServiceNOW CMDB - Prelude SCM imports all devices in the cmdb_ci_computers table. An exception will be needed for devices not supported by the EDR, Endpoint Management and Vulnerability Management control categories
- Microsoft Defender Discovery - Prelude SCM imports all known devices that are in the Can be Onboarded state of Microsoft Defender for Endpoint Discovery. This includes any devices scanned using Microsoft vulnerability management tooling.
- Amazon EC2 - Prelude SCM imports all active EC2 instances from AWS.
- Microsoft Azure VM - Prelude SCM imports all active virtual machines from Microsoft Azure.
Each device is added to the Prelude SCM device inventory and is used in comparison/calculation for missing controls across each control category (Endpoint Management, EDR, Vulnerability Management etc).