Deploy a Single Container Defender using the CLI

Use the twistcli CLI tool to install a single Container Defender on a Linux host.
  • Your system meets all minimum system requirements.
    • Port 443 is open for outgoing traffic from your host.
  • You have sudo access to the host where you want to deploy the Defender.
  • You’ve created a service account with the Defender Manager role. twistcl uses the service account to access Console.
  1. Verify that the host where you install Defender can connect to the Prisma Cloud console.
    1. Copy the path to the value under
      Path to Console
      Compute > Manage > System > Utilities
    2. Complete the following command with copied value.
      curl -sk -D - <PATH-TO-CONSOLE>/api/v1/_ping
    3. Run the command on your host. If curl returns an HTTP response status code of 200, you have connectivity to Console.
  2. SSH to the host where you want to install Defender.
  3. Download twistcli.
    $ curl -k \ -u <USER> \ -L \ -o twistcli \ https://<CONSOLE>/api/v1/util/twistcli
  4. Make the twistcli binary executable.
    $ chmod a+x ./twistcli
  5. Install Defender.
    $ sudo ./twistcli defender install standalone container-linux \ --address https://<CONSOLE> \ --user <USER>
  6. Verify Defender was installed correctly.
    $ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 677c9883c4b6 twistlock/private:defender_21_04_333 "/usr/local/bin/defe…" 11 seconds ago Up 10 seconds twistlock_defender_21_04_333

Verify the install

Verify that Defender is installed and connected to Console.
Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). All features will work normally and without any additional configuration steps required. Prisma Cloud automatically detects the SELinux configuration on a per-host basis and self-configures itself as needed. No action is needed from the user.
  1. In the Prisma Cloud console, go to
    Manage > Defenders > Manage
    Your new Defender should be listed in the table, and the status box should be green and checked.