Prisma Cloud Compute Edition Administrator’s Guide
    : Uninstall Defenders
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Install
    6. Deploy Prisma Cloud Defenders
    7. Uninstall Defenders
    Download PDF

    Prisma Cloud Compute Edition Administrator’s Guide

    Uninstall Defenders

    Table of Contents

    Uninstall Defenders

    The preferred method to uninstall Defenders is via the Console UI under
    Manage > Defenders
    .
    Regularly uninstalling stale Defenders keeps your view of the environment clean and conserves licenses. You can uninstall Defenders can be decommissioned from the Console UI or the Prisma Cloud API.
    Prisma Cloud automatically removes stale Defenders for you. Automatic removal is recommended in large scale environments. If Defenders are not uninstalled many can become permanently offline and clutter your view of the environment. To keep your view clean, the Prisma Cloud Console automatically uninstalls Defenders that haven’t been connected to it for more than one day. This keeps the list of connected Defenders valid for any given 24-hour window.
    The refresh period can be configured up to a maximum of 365 days under
    Manage > Defenders > Settings > Automatically remove disconnected Defenders after (days)
    .
    We recommend letting Prisma Cloud automatically uninstall stale Defenders rather than using the UI or API.

    Decommission Defenders manually

    You can manually decommission the Defenders from the Console.
    • Go to
      Manage > Defenders
       to see a list of all the Defenders connected to Console.
    • Under
      Actions
      , select
      Delete
       to decommission the respective Defender.

    Decommission Defenders with the API

    The following endpoint can be used to decommission a Defender.
    Path
    DELETE /api/v1/defenders/[hostname]
    Description
    Deletes a Defender from the database. This endpoint does not actually uninstall Defender. Use the fully qualified domain name (FQDN) of the host. You can find the FQDN of the host in
    Manage > Defenders > Actions > Manage
    .
    Example request
    $ curl -X DELETE \
  -u <USERNAME>:<PASSWORD>
  'https://<CONSOLE>:8083/api/v1/defenders/aqsa-cto.sandbox'

    Force Uninstall Defender

    If a Defender instance is not connected to the Prisma Cloud Console, or is otherwise not manageable through the UI, you can manually remove it.
    Go to the Linux host where the Container Defender runs and use the following command:
    $ sudo /var/lib/twistlock/scripts/twistlock.sh -u
    If you run this command on the same Linux host where the Prisma Cloud Console is installed, it also uninstalls Prisma Cloud Console.
    On the Linux host where Host Defender runs, use the following command:
    $ sudo /var/lib/twistlock/scripts/twistlock.sh -u defender-server
    On the Windows host where Defender runs, use the following command:
    C:\Program Files\Prisma Cloud\scripts\defender.ps1 -uninstall

    Uninstall all Prisma Cloud Resources in a Kubernetes Environment

    To uninstall all Prisma Cloud resources from a Kubernetes-based deployment, delete the twistlock namespace. Deleting this namespace deletes every resource within the namespace.
    When you delete the twistlock namespace, you also delete the persistent volume (PV) in the namespace. By default, the Prisma Cloud Console stores its data in that PV. When the PV is deleted, all data is lost, and you can’t restore the Prisma Cloud Console.
    1. Delete the twistlock namespace.
      $ kubectl delete namespaces twistlock

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.