1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Administrator’s Guide (Compute)
    5. Install
    6. Deploy Prisma Cloud Defenders
    7. Install a Single Container Defender

    Install a Single Container Defender

    Install Container Defender on each host that you want Prisma Cloud to protect.
    Single Container Defenders can be configured in the Console UI, and then deployed with a curl-bash script. Alternatively, you can use twistcli to configure and deploy Defender directly on a host.

    Install a single Container Defender (Console UI)

    Configure how a single Container Defender will be installed, and then install it with the resulting curl-bash script.
    Prerequisites
    :
    • Your system meets all minimum system requirements.
    • Ensure your host can access the Prisma Cloud console the network.
      • Port 443 is open for outgoing traffic from your host.
    • You have sudo access to the host where you want to deploy the Defender.
    1. Verify that the host machine where you install Defender can connect to the Prisma Cloud console.
      1. Copy the path to the value under
        Path to Console
         from
        Compute > Manage > System > Utilities
        .
      2. Complete the following command with copied value.
        curl -sk -D - <PATH-TO-CONSOLE>/api/v1/_ping
      3. Run the command on your host system. If curl returns an HTTP response status code of 200, you have connectivity to Console.
    2. Go to
      Compute > Manage > Defenders > Deployed Defenders
       and select
      Manual deploy
      .
    3. Under
      Deployment method
      , select
      Single Defender
      .
    4. Select your desired
      Defender type
    5. Under
      The name that Defender will use to connect to this Console
       select the correct item from the list of IP addresses and hostnames pre-populated in the drop-down list. After adding a SAN, your IP address or hostname will be available in the drop-down list.
      Selecting an IP address in a evaluation setup is acceptable, but using a DNS name is more resilient. If you select Console’s IP address, and Console’s IP address changes, your Defenders will no longer be able to communicate with Console.
    6. Under
      Defender and Console communication
       enter the following optional configuration.
      1. Set a custom communication port for the Defender to use.
      2. Set a proxy for the Defender to use for the communication with the Prisma Cloud console.
    7. Under
      Advanced Settings
      , you can enter the following additional network configurations.
      1. Select the listener type. The default setting is
        None
        .
      2. Set
        Assign globally unique names to Hosts
         to
        ON
         when you have multiple hosts that can have the same hostname.
        After setting the toggle to
        ON
        , Prisma Cloud appends a unique identifier, such as ResourceId, to the host’s DNS name. For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d.
    8. Copy the install command from the
      Installation
       sidebar. The script is generated according to the options you selected.
    9. On the host where you want to install Defender, paste the command into a shell window, and run it.

    Verify the install

    Verify that Defender is installed and connected to Console.
    Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). All features will work normally and without any additional configuration steps required. Prisma Cloud automatically detects the SELinux configuration on a per-host basis and self-configures itself as needed. No action is needed from the user.
    1. In Console, go to
      Manage > Defenders > Manage
      .
      Your new Defender should be listed in the table, and the status box should be green and checked.