Regularly decommissioning stale Defenders keeps your view of the environment clean and conserves licenses.
Defenders can be decommissioned from the Console UI or the Prisma Cloud API.
Prisma Cloud automatically decommissions stale Defenders for you.
In large-scale environments, manually decommissioning Defenders can be onerous.
If left undone, however, many Defenders can be left in a permanently offline state, cluttering your view of the environment.
To keep your view clean, Console automatically decommissions Defenders that haven’t been connected to Console for more than one day.
This keeps the list of connected Defenders valid to a 24-hour window.
The refresh period can be configured up to a maximum of 365 days under
The preferred method for uninstalling Defenders is via the Console UI.
However, if a Defender instance is not connected to Console, or is otherwise not manageable through the Console UI, it can be manually removed.
On the Linux host where Container Defender runs, use the following command:
$ sudo /var/lib/twistlock/scripts/twistlock.sh -u
If you run this command on the same Linux host where the Prisma Cloud Console is installed, it also uninstalls Prisma Cloud Console.
On the Linux host where Host Defender runs, use the following command: