Host scanning
Prisma Cloud scans all hosts where Defender is installed.
Defender scans hosts for the following types of vulnerabilities:
- Host configuration: Vulnerabilities in the host setup.
- Docker daemon configuration: Vulnerabilities that stem from misconfiguring your Docker daemons. Docker daemon derives its configuration from various files, including /etc/sysconfig/docker or /etc/default/docker. Misconfigured daemons affect all container instances on a host.
- Docker daemon configuration files: Vulnerabilities that arise from improperly securing critical configuration files with the correct permissions.
- Docker security operations: Recommendations and reminders for extending your current security best practices to include containers.
Prisma Cloud implements the checks from:
- CIS Distribution Independent Linux v2.0.0.
- CIS Amazon Linux 2 Benchmark v1.0.0 (for AL 2)
- CIS Amazon Linux Benchmark v2.1.0 (for AL 1)
Reviewing host scan reports
Prisma Cloud lets you filter the displayed hosts by searching for specific hosts or by collection.
Collections support AWS tags.
When creating new collections, specify the tags you want to use for filtering in the
Labels
field.You can filter the displayed hosts by searching for specific hosts or by choosing a collection.
Collections support AWS tags.
When creating a new collection, add the tags you want to use for filtering to the
Labels
field.- Open Console, then go toMonitor > Compliance > Hosts > Running Hosts.
- Click on a host in the list.A report for the compliance issues on the host is shown.
All vulnerabilities identified in the latest host scan can be exported to a CSV file by clicking on theCSVbutton in the top right of the table.
