Install a Single Container Defender
Install Container Defender on each host that you want Prisma Cloud to protect.
Single Container Defenders can be configured in the Console UI, and then deployed with a curl-bash script. Alternatively, you can use twistcli to configure and deploy Defender directly on a host.
Install a single Container Defender (Console UI)
Configure how a single Container Defender will be installed, and then install it with the resulting curl-bash script.
- Ensure your host can access the Prisma Cloud console the network.
- Port 443 is open for outgoing traffic from your host.
- You have sudo access to the host where you want to deploy the Defender.
- Verify that the host machine where you install Defender can connect to the Prisma Cloud console.
- Copy the path to the value underPath to ConsolefromCompute > Manage > System > Utilities.
- Complete the following command with copied value.curl -sk -D - <PATH-TO-CONSOLE>/api/v1/_pingRun the command on your host system. If curl returns an HTTP response status code of 200, you have connectivity to Console.
- Go toCompute > Manage > Defenders > Deployed Defendersand selectManual deploy.
- UnderDeployment method, selectSingle Defender.
- Select your desiredDefender type
- UnderThe name that Defender will use to connect to this Consoleselect the correct item from the list of IP addresses and hostnames pre-populated in the drop-down list. After adding a SAN, your IP address or hostname will be available in the drop-down list.Selecting an IP address in a evaluation setup is acceptable, but using a DNS name is more resilient. If you select Console’s IP address, and Console’s IP address changes, your Defenders will no longer be able to communicate with Console.
- UnderDefender and Console communicationenter the following optional configuration.
- Set a custom communication port for the Defender to use.
- Set a proxy for the Defender to use for the communication with the Prisma Cloud console.
- UnderAdvanced Settings, you can enter the following additional network configurations.
- Select the listener type. The default setting isNone.
- SetAssign globally unique names to HoststoONwhen you have multiple hosts that can have the same hostname.After setting the toggle toON, Prisma Cloud appends a unique identifier, such as ResourceId, to the host’s DNS name. For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d.
- Copy the install command from theInstallationsidebar. The script is generated according to the options you selected.
- On the host where you want to install Defender, paste the command into a shell window, and run it.
Verify the install
Verify that Defender is installed and connected to Console.
Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). All features will work normally and without any additional configuration steps required. Prisma Cloud automatically detects the SELinux configuration on a per-host basis and self-configures itself as needed. No action is needed from the user.
- In Console, go toManage > Defenders > Manage.Your new Defender should be listed in the table, and the status box should be green and checked.