Install a single Host Defender
Table of Contents
Self.Hosted 22.06 (EoL)
Expand all | Collapse all
-
- Getting started
- System Requirements
- Prisma Cloud container images
- Onebox
- Kubernetes
- OpenShift v4
- Console on Fargate
- Amazon ECS
- Alibaba Cloud Container Service for Kubernetes (ACK)
- Azure Kubernetes Service (AKS)
- Amazon Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
- Google Kubernetes Engine (GKE) Autopilot
- IBM Kubernetes Service (IKS)
- Windows
- Defender types
- Cluster Context
-
- Install a single Container Defender
- Automatically Install Container Defender in a Cluster
- App-Embedded Defender
- App-Embedded Defender for Fargate
- Default setting for App-Embedded Defender file system protection
- VMware Tanzu Application Service (TAS) Defender
- Serverless Defender
- Serverless Defender as a Lambda layer
- Auto-defend serverless functions
- Install a single Host Defender
- Auto-defend hosts
- Deploy Prisma Cloud Defender from the GCP Marketplace
- Decommission Defenders
- Redeploy Defenders
- Uninstall Defenders
-
- Rule ordering and pattern matching
- Backup and restore
- Custom feeds
- Configuring Prisma Cloud proxy settings
- Prisma Cloud Compute certificates
- Configure Agentless Scanning
- Agentless Scanning Modes
- Configure scanning
- User certificate validity period
- Enable HTTP access to Console
- Set different paths for Defender and Console (with DaemonSets)
- Authenticate to Console with certificates
- Configure custom certs from a predefined directory
- Customize terminal output
- Collections
- Tags
- Logon settings
- Reconfigure Prisma Cloud
- Subject Alternative Names
- WildFire Settings
- Log Scrubbing
- Clustered-DB
- Permissions by feature
-
- Logging into Prisma Cloud
- Integrating with an IdP
- Integrate with Active Directory
- Integrate with OpenLDAP
- Integrate Prisma Cloud with Open ID Connect
- Integrate with Okta via SAML 2.0 federation
- Integrate Google G Suite via SAML 2.0 federation
- Integrate with Azure Active Directory via SAML 2.0 federation
- Integrate with PingFederate via SAML 2.0 federation
- Integrate with Windows Server 2016 & 2012r2 Active Directory Federation Services (ADFS) via SAML 2.0 federation
- Integrate Prisma Cloud with GitHub
- Integrate Prisma Cloud with OpenShift
- Non-default UPN suffixes
- Compute user roles
- Assign roles
- Credentials store
- Cloud accounts
-
- Prisma Cloud vulnerability feed
- Vulnerability Explorer
- Vulnerability management rules
- Search CVEs
- Scan reports
- Scanning procedure
- Customize image scanning
- Configure Registry Scans
-
- Scan Images in Sonatype Nexus Registry
- Scan images in Alibaba Cloud Container Registry
- Scan images in Amazon EC2 Container Registry (ECR)
- Scan images in Azure Container Registry (ACR)
- Scan images in Docker Registry v2 (including Docker Hub)
- Scan images in Google Artifact Registry
- Scan images in Google Container Registry (GCR)
- Scan images in Harbor Registry
- Scan images in IBM Cloud Container Registry
- Scan images in Artifactory Docker Registry
- Scan images in OpenShift integrated Docker registry
- Trigger registry scans with Webhooks
- Base images
- Configure VM image scanning
- Configure code repository scanning
- Agentless scanning
- Malware scanning
- Vulnerability risk tree
- Vulnerabilities Detection
- CVSS scoring
- Windows container image scanning
- Serverless function scanning
- VMware Tanzu blobstore scanning
- Scan App-Embedded workloads
- Troubleshoot vulnerability detection
-
- Compliance Explorer
- Enforce compliance checks
- CIS Benchmarks
- Prisma Cloud Labs compliance checks
- Serverless functions compliance checks
- Windows compliance checks
- DISA STIG compliance checks
- Custom compliance checks
- Trusted images
- Host scanning
- VM image scanning
- App-Embedded scanning
- Detect secrets
- Cloud discovery
- OSS license management
- API
End-of-Life (EoL)
Install a single Host Defender
Install Host Defender on each host that you want Prisma Cloud to protect.
Single Host Defenders can be configured in the Console UI, and then deployed with a curl-bash script.
Alternatively, you can use twistcli to configure and deploy Defender directly on a host.
Install a Host Defender (Console UI)
Host Defenders are installed with a curl-bash script.
Install Host Defender on each host that you want Prisma Cloud to protect.
Anywhere <CONSOLE> is used, be sure to specify both the address and port number for Console’s API.
By default, the port is 8083.
For example, https://<CONSOLE>:8083.
Prerequisites
:- Your system meets all minimum system requirements.
- You have sudo access to the host where Defender will be installed.
- You have already installed Console
- Port 8084 is open on the host where Defender runs. Console and Defender communicate with each other over a web socket on port 8084 (by default the communication port is set to 8084 - however, you can specify your own custom port when deploying a Defender).
- Console can be accessed over the network from the host where you will install Defender.
- Verify that the host machine where you install Defender can connect to Console.$ curl -sk -D - https://<CONSOLE>/api/v1/_pingIf curl returns an HTTP response status code of 200, you have connectivity to Console. If you customized the setup when you installed Console, you might need to specify a different port.Log into Console.Go toManage > Defenders > Deploy.
- In the first drop-down menu (2), select the way Defender connects to Console.A list of IP addresses and hostnames are pre-populated in the drop-down list. If none of the items are valid, go toManage > Defenders > Names, and add a new Subject Alternative Name (SAN) to Console’s certificate. After adding a SAN, your IP address or hostname will be available in the drop-down list.Selecting an IP address in a evaluation setup is acceptable, but using a DNS name is more resilient. If you select Console’s IP address, and Console’s IP address changes, your Defenders will no longer be able to communicate with Console.
- (Optional) Set a proxy (3) for the Defender to use for the communication with the Console.
- (Optional) Set a custom communication port (4) for the Defender to use.
- (Optional) SetAssign globally unique names to HoststoONwhen you have multiple hosts that can have the same hostname (e.g., autoscale groups, overlapping IP addresses, etc).After setting the toggle toON, Prisma Cloud appends a unique identifier, such as ResourceId, to the host’s DNS name. For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d.
- In the second drop-down list (5), selectHost Defender - LinuxorHost Defender - Windows.
- In the final field, copy the install command, which is generated according to the options you selected.
On the host where you want to install Defender, paste the command into a shell window, and run it.
Install a single Host Defender (twistcli)
Use twistcli to install a single Host Defender on a Linux host.
Anywhere <CONSOLE> is used, be sure to specify both the address and port number for Console’s API.
By default, the port is 8083.
For example, https://<CONSOLE>:8083.
Prerequisites
:- Your system meets all minimum system requirements.
- You have already installed Console.
- Port 8083 is open on the host where Console runs. Port 8083 serves the API. Port 8083 is the default setting, but it is customizable when first installing Console. When deploying Defender, you can configure it to communicate to Console via a proxy.
- Port 8084 is open on the host where Console runs. Console and Defender communicate with each other over a web socket on port 8084. Defender initiates the connection. Port 8084 is the default setting, but it is customizable when first installing Console. When deploying Defender, you can configure it to communicate to Console via a proxy.
- You’ve created a service account with the Defender Manager role. twistcli uses the service account to access Console.
- Console can be accessed over the network from the host where you want to install Defender.
- You have sudo access to the host where Defender will be installed.
- Verify that the host machine where you install Defender can connect to Console.$ curl -sk -D - https://<CONSOLE>/api/v1/_pingIf curl returns an HTTP response status code of 200, you have connectivity to Console. If you customized the setup when you installed Console, you might need to specify a different port.SSH to the host where you want to install Defender.Download twistcli.$ curl -k \ -u <USER> \ -L \ -o twistcli \ https://<CONSOLE>/api/v1/util/twistcliMake the twistcli binary executable.$ chmod a+x ./twistcliInstall Defender.$ sudo ./twistcli defender install standalone host-linux \ --address https://<CONSOLE> \ --user <USER>Verify the installVerify that Defender is installed and connected to Console.In Console, go toManage > Defenders > Manage. Your new Defender should be listed in the table, and the status box should be green and checked.