You must procure a license for each resource that Prisma Cloud protects and renew the license before the expiry term.
Licensing on Prisma Cloud uses a metering system based on credits used, and both Prisma Cloud Enterprise Edition (SaaS) and Prisma Cloud Compute Edition (self-hosted) are licensed with the same credits metering system.
Prisma Cloud Compute protects your hosts, containers, and serverless functions using a security agent called Defender, and using an agentless method. The number of credits you consume directly correlates with the type and mix of Defenders you deploy and the agentless security option.
Prisma Cloud also offers twistcli, a command-line configuration tool for which there is no additional credit usage. The credit usage is for the resources that are being protected using an agent or an agentless method.
Credits per resource
Hosts that don’t run containers
Hosts that are being scanned by Agentless scanning
Host Agentless scan
Hosts that run containers
Hosts that run applications
Tanzu Application Service Defender
On-demand containers (such as AWS Fargate, Google Cloud Run)
Serverless functions (such as AWS Lambda, Azure Functions, Google Cloud Functions)
1 credits per 6 defended functions
Web Application and API Security (WAAS)
30 credits per Defender agent associated with protected web-application nodes (container/pod/host/AppID)
The type of Defender you deploy depends on the resource you’re securing.