Endpoint (physical or VM) with Golden Image.

EVE works by performing attack emulation on physical endpoints or virtual machines (preferred) installed on the customer's network. The EVE Agent is installed on this target endpoint and this enables communication with the Attack Emulation Platform. On the designated VM, the representative image of the target endpoint environment (Golden Image) the user wish to test will be loaded, i.e., a standard Workstation or server installation and configuration, with standard endpoint security controls installed and configured. In this image the user will need to install the security solutions that the user have deployed in the corporate environment such as EPP, EDR, or any other endpoint protection solution., if they are not already part of a "golden image" that is normally used for endpoint configuration.

Endpoints should be provided being as similar as possible to a computer that could be susceptible to attack for a threat actor.

Finally, the user will need a snapshot of each virtual machine (if applicable), which saves the state of a virtual machine and allows the user to retrieve it at any time. This is necessary as it will be used as a backup, to revert and reuse images after emulation attacks.