You must procure a license for each resource that Prisma Cloud protects and renew the license before the expiry term.
Licensing on Prisma Cloud uses a metering system based on credits used, and both Prisma Cloud Enterprise Edition (SaaS) and Prisma Cloud Compute Edition (self-hosted) are licensed with the same credits metering system.
Prisma Cloud Compute protects your hosts, containers, and serverless functions using a security agent called Defender, and using an agentless method. The number of credits you consume directly correlates with the type and mix of Defenders you deploy and the agentless security option.
Prisma Cloud also offers twistcli, a command-line configuration tool for which there is no additional credit usage. The credit usage is for the resources that are being protected using an agent or an agentless method.
Credits per resource
What’s counted?
Hosts that don’t run containers
1 credit
Host Defender
Hosts that are being scanned by Agentless scanning
1 credit
Host Agentless scan
Hosts that run containers
7 credits
Container Defender
Hosts that run applications
7 credits
Tanzu Application Service Defender
On-demand containers (such as AWS Fargate, Google Cloud Run)
1 credits
App-Embedded Defender
Serverless functions (such as AWS Lambda, Azure Functions, Google Cloud Functions)
1 credits per 6 defended functions
Defended functions:
  • Functions (only latest version) with a Serverless Defender - including Runtime & WAAS
  • Functions scanned for vulnerabilities and compliance (only latest version)
Web Application and API Security (WAAS)
30 credits per Defender agent associated with protected web-application nodes (container/pod/host/AppID)
  • Host Defender
  • Container Defender
  • App-Embedded Defender

Defender types

The type of Defender you deploy depends on the resource you’re securing.