Install a Single Host Defender
Table of Contents
Prisma Cloud Enterprise Edition
Expand all | Collapse all
-
- Getting started
- System Requirements
- Cluster Context
-
- Defender Types
- Manage your Defenders
- Redeploy Defenders
- Uninstall Defenders
-
- Deploy Orchestrator Defenders on Amazon ECS
- Automatically Install Container Defender in a Cluster
- Deploy Prisma Cloud Defender from the GCP Marketplace
- Deploy Defenders as DaemonSets
- VMware Tanzu Application Service (TAS) Defender
- Deploy Defender on Google Kubernetes Engine (GKE)
- Google Kubernetes Engine (GKE) Autopilot
- Deploy Defender on OpenShift v4
- Deploy Defender with Declarative Object Management
-
- Agentless Scanning Modes
-
- Onboard AWS Accounts for Agentless Scanning
- Configure Agentless Scanning for AWS
- Onboard Azure Accounts for Agentless Scanning
- Configure Agentless Scanning for Azure
- Onboard GCP Accounts for Agentless Scanning
- Configure Agentless Scanning for GCP
- Onboard Oracle Cloud Infrastructure (OCI) Accounts for Agentless Scanning
- Configure Agentless Scanning for Oracle Cloud Infrastructure (OCI)
- Agentless Scanning Results
-
- Rule ordering and pattern matching
- Backup and Restore
- Custom feeds
- Configuring Prisma Cloud proxy settings
- Prisma Cloud Compute certificates
- Configure scanning
- User certificate validity period
- Enable HTTP access to Console
- Set different paths for Defender and Console (with DaemonSets)
- Authenticate to Console with Certificates
- Customize terminal output
- Collections
- Tags
- WildFire Settings
- Log Scrubbing
- Permissions by feature
-
- Prisma Cloud Vulnerability Feed
- Scanning Procedure
- Vulnerability Management Policies
- Vulnerability Scan Reports
- Scan Images for Custom Vulnerabilities
- Base images
- Vulnerability Explorer
- CVSS scoring
- CVE Viewer
-
- Configure Registry Scans
- Scan Images in Alibaba Cloud Container Registry
- Scan Images in Amazon Elastic Container Registry (ECR)
- Scan images in Azure Container Registry (ACR)
- Scan Images in Docker Registry v2 (including Docker Hub)
- Scan Images in GitLab Container Registry
- Scan images in Google Artifact Registry
- Scan Images in Google Container Registry (GCR)
- Scan Images in Harbor Registry
- Scan Images in IBM Cloud Container Registry
- Scan Images in JFrog Artifactory Docker Registry
- Scan Images in Sonatype Nexus Registry
- Scan images in OpenShift integrated Docker registry
- Scan Images in CoreOS Quay Registry
- Trigger Registry Scans with Webhooks
- Configure VM image scanning
- Configure code repository scanning
- Malware scanning
- Windows container image scanning
- Serverless Functions Scanning
- VMware Tanzu Blobstore Scanning
- Scan App-Embedded workloads
- Troubleshoot Vulnerability Detection
-
- Compliance Explorer
- Enforce compliance checks
- CIS Benchmarks
- Prisma Cloud Labs compliance checks
- Malware Scanning
- Serverless functions compliance checks
- Windows compliance checks
- DISA STIG compliance checks
- Custom compliance checks
- Trusted images
- Host scanning
- VM image scanning
- App-Embedded scanning
- Detect secrets
- OSS license management
-
- Alert Mechanism
- AWS Security Hub
- Cortex XDR alerts
- Cortex XSOAR alerts
- Email alerts
- Google Cloud Pub/Sub
- Google Cloud Security Command Center
- IBM Cloud Security Advisor
- JIRA Alerts
- PagerDuty alerts
- ServiceNow alerts for Security Incident Response
- ServiceNow alerts for Vulnerability Response
- Slack Alerts
- Splunk Alerts
- Webhook alerts
- API
Install a Single Host Defender
Install Host Defender on each host that you want Prisma Cloud to protect.
Single Host Defenders can be configured in the Console UI, and then deployed with a curl-bash script.
Alternatively, you can use twistcli to configure and deploy Defender directly on a host.
Install a Host Defender (Console UI)
Host Defenders are installed with a curl-bash script.
Prerequisites
:- Your system meets all minimum system requirements.
- Ensure that the host machine where you installed the Defender can access the Prisma Cloud console the network.
- You have sudo access to the host where Defender will be installed.
- Go toCompute > Manage > System > Utilitiesand copy thePath to Console.
- Run the following command by replacing the variable PATH-TO-CONSOLE with the copied value:curl -sk -D - <PATH-TO-CONSOLE>/api/v1/_pingRun the command on your host system. If curl returns an HTTP response status code of 200, you have connectivity to Console.
- Go toCompute > Manage > Defenders > Defenders: Deployedand selectManual deploy.
- UnderDeployment method, selectSingle Defender.
- InDefender type, selectHost Defender - LinuxorHost Defender - Windows.
- (Optional) Set a custom communication port (4) for the Defender to use.
- (Optional) Set a proxy (3) for the Defender to use for the communication with the Console.
- (Optional) UnderAdvanced Settings, EnableAssign globally unique names to Hostswhen you have multiple hosts that can have the same hostname (like autoscale groups, and overlapping IP addresses).After setting the option toON, Prisma Cloud appends a unique identifier, such as ResourceId, to the host’s DNS name. For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d.
- Copy the install scripts command from the right side panel, which is generated according to the options you selected. On the host where you want to install Defender, paste the command into a shell window, and run it.
Install a single Host Defender (twistcli)
Use twistcli to install a single Host Defender on a Linux host.
Prerequisites
:- Your system meets all minimum system requirements.
- Console can be accessed over the network from the host where you want to install Defender.
- You have sudo access to the host where Defender will be installed.
- Create a Role with Cloud Provisioning Admin permissions and withoutanyaccount groups attached.
- Verify that the host machine where you install Defender can connect to Console.$ curl -sk -D - https://<CONSOLE>/api/v1/_pingIf curl returns an HTTP response status code of 200, you have connectivity to Console. If you customized the setup when you installed Console, you might need to specify a different port.SSH to the host where you want to install Defender.Download twistcli.$ curl -k \ -u <USER> \ -L \ -o twistcli \ https://<CONSOLE>/api/v1/util/twistcliMake the twistcli binary executable.$ chmod a+x ./twistcliInstall Defender.$ sudo ./twistcli defender install standalone host-linux \ --address https://<CONSOLE> \ --user <USER>Verify the InstallVerify that the Defender is installed and connected to Console.In Console, go toManage > Defenders > Defenders: Deployed. Your new Defender should be listed in the table, and the status box should be green and checked.