Focus
Focus
Table of Contents

System Requirements

Before installing Prisma Cloud, verify that your environment meets the minimum requirements.
For information about when Prisma Cloud adds and drops support for third party software, see our support lifecycle page.
The following sections describe the system requirements in detail.

Hardware

Prisma Cloud supports
x86_64
and
ARM64
architectures. Ensure that your systems meet the following hardware requirements.

Defender Resource Requirements

Each Defender requires 256MB of RAM and 8GB of host storage.
The Defender uses cgroups v1 or v2 to cap resource usage at 512MB of RAM and 900 CPU shares where a typical load is ~1-5% CPU and 30-70MB RAM.
The Defender stores its data in the /var folder. When allocating disk space for Defender, ensure the required space is available in the /var folder. Defenders are designed to be portable containers that collect data. Any data that must be persisted is sent to the Prisma Cloud Console for storage. Defenders don’t require persistent storage. If you deploy persistent storage for Defenders, it can corrupt Defender files.
If Defenders provide registry scanning they require the following resources:
  • Defenders providing registry scanning--
  • 2GB of RAM
  • 20GB of storage
  • 2 CPU cores Defenders that are part of CI integrations (Jenkins, twistcli) require storage space depending on the size of the scanned images. The required disk space is 1.5 times the size of the largest image to be scanned, per executor. For example, if you have a Jenkins instance with two executors, and your largest container image is 500MB, then you need at least 1.5GB of storage space: 500MB x 1.5 x 2

Virtual Machines (VMs)

Prisma Cloud has been tested on the following hypervisors:
  • VMware for Tanzu Kubernetes Grid Multicloud (TKGM)
  • VMware for Tanzu Kubernetes Grid Integrated (TKGI)

Cloud Platforms

Prisma Cloud can run on nearly any cloud Infrastructure as a Service (IaaS) platform.
Prisma Cloud has been tested on the following services:
  • Amazon Web Services (AWS)
  • Google Cloud Platform
  • IBM Cloud
  • Microsoft Azure
  • Oracle Cloud Infrastructure (OCI)
  • Alibaba Cloud: You can deploy Defenders on VMs, hosts running containers, and clusters on Alibaba Cloud using the instructions for the supported host operating systems and orchestrator versions. Specific deployment instructions for Alibaba Cloud are not documented and Cloud discovery is not supported.

ARM Architecture Requirements

The following setups support Prisma Cloud on ARM64 architecture:
  • Cloud provider
  • Supported Defenders:
    • Orchestrator Defenders on AWS and GCP
    • Host Defenders including auto-defend on AWS
The twistcli is supported on Linux ARM64 instances.
The Prisma Cloud Console doesn’t support running on ARM64 systems.

Operating Systems for bare-metal Hosts and Virtual Machines

Prisma Cloud is supported on both x86_64 and ARM64

Supported Operating Systems on x86_64

Prisma Cloud is supported on the following host operating systems on x86_64 architecture:
Distro
Version
Kernel
Supported Kubelet
Supported runtime
Notes
Amazon Linux 2
AMI name: amzn2-ami-hvm-2.0.20230727.0-x86_64-gp2 AMI ID: ami-09748abeb7370d1bc
4.14.322-244.536.amzn2.x86_64
Amazon Linux 2023
AMI ID:ami-02396cdd13e9a1257
6.1.23-36.46.amzn2023.x86_64
Azure Linux docker image
20230426
Bottlerocket OS
1.9.2
1.23.7
containerd 1.6.6
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
Bottlerocket OS
1.9.2
1.24.9
containerd 1.6.15+bottlerocket
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
Bottlerocket OS
1.9.2
1.25.5
containerd 1.6.15+bottlerocket
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
Bottlerocket OS
1.9.2
1.26.2
containerd 1.6.19+bottlerocket
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
Bottlerocket OS
1.14.1
1.27.1
containerd://1.6.20+bottlerocket
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
Bottlerocket OS
1.14.2
1.27.3
containerd://1.6.20+bottlerocket
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
Bottlerocket OS
1.14.3
1.27.3
containerd://1.6.20+bottlerocket
Defenders must be installed as privileged on Bottlerocket. The following features are not available for Bottlerocket: - Vulnerability and compliance blocking policies - RunC - Prevent on containerd runtime - Compliance for containerd
CentOS
7
CentOS
8
CentOS
9
Debian
10
Debian
11
Debian
12
GCOOS
latest
GCOOS is purposefully minimalistic. It doesn’t support installing new packages or writing new bins. Hence, Prisma Cloud’s vulnerability detection on GCOOS only covers Docker and Kubernetes package binary detection. Runtime prevent capability is supported only for DNS events. Other prevent capabilities are not supported.
Oracle Enterprise Linux (OEL)
7
Oracle Enterprise Linux (OEL)
8
Oracle Enterprise Linux (OEL)
9
Agentless scanning is not supported for OEL 9. Vulnerabilities are matched by architecture, which leads to ARM images showing x86 relevant vulnerabilities and vice versa.
Red Hat Enterprise Linux (RHEL)
7
Red Hat Enterprise Linux (RHEL)
8
Red Hat Enterprise Linux (RHEL)
9
Red Hat Enterprise Linux CoreOS (RHCOS)
All versions included in OpenShift versions: 4.9, 4.10, and 4.11
Rocky Linux
8
Rocky Linux
9.0
SUSE
SLES-12 SP5
SUSE
SLES 15 SP1 - SP4
Talos OS
1.3.0
5.15.83-talos
1.25.4
containerd 1.6.12
The following features are not available for Talos OS: - Scanning of underlying hosts - Agentless scanning - Vulnerability and compliance blocking policies - WAAS defense
Talos OS
1.3.3
5.15.89-talos
1.25.4
containerd 1.6.15
The following features are not available for Talos OS: - Scanning of underlying hosts - Agentless scanning - Vulnerability and compliance blocking policies - WAAS defense
Talos OS
1.3.5
5.15.94-talos
1.25.4
containerd 1.6.18
The following features are not available for Talos OS: - Scanning of underlying hosts - Agentless scanning - Vulnerability and compliance blocking policies - WAAS defense
Talos OS
1.4.1
6.1.25-talos
1.26.3
containerd 1.6.20
Agentless scanning is not supported
Ubuntu
22.04 LTS
Ubuntu
20.04 LTS
Ubuntu
18.04 LTS
VMWare Photon OS
3.0
Runtime scanning supported with kernel version >= 4.19.191-1
The following use features are currently not supported in Photon 3.0: - SSHD application in host runtime events and empty SSH events on Host observations - Vulnerabilities in Layers view
VMWare Photon OS
4.0
The following use features are currently not supported in Photon 4.0: - SSHD application in host runtime events and empty SSH events on Host observations - Vulnerabilities in Layers view
Windows
Server 2016
Server 2016 Long-Term Servicing Channel (LTSC) support includes only following features: - Vulnerabilty scanning - Compliance scanning - CNNS defense for container - WAAS defense for hosts - Runtime defense for container
Windows
Server 2019
Server 2019 Long-Term Servicing Channel (LTSC) support includes only following features: - Vulnerabilty scanning - Compliance scanning - CNNS defense for container - WAAS defense for hosts - Runtime defense for container
Windows
Server 2022
Server 2022 Long-Term Servicing Channel (LTSC) support includes only following features: - Vulnerabilty scanning - Compliance scanning - CNNS defense for container - WAAS defense for hosts - Runtime defense for container

Supported Operating Systems on ARM64

Prisma Cloud supports host Defenders on the following host operating systems on ARM64 architecture in AWS.
Distro
Version
Kernel
Supported Kubelet
Supported runtime
Notes
Amazon Linux 2
AMI Image: amzn-ami-hvm-2018.03.0.20220315.0-x86_64-gp2 AMI ID: ami-0f7691f59fd7c47af
5.10.96-90.460.amzn2.aarch64
CentOS
8
Debian
10
Redhat Enterprise Linux (RHEL)
8
Redhat Enterprise Linux (RHEL)
9
Ubuntu
18
Ubuntu
20
Oracle Enterprise Linux (OEL)
8
Oracle Enterprise Linux (OEL)
9

Kernel Capabilities

Prisma Cloud Defender requires the following kernel capabilities. Refer to the the Linux capabilities man page for more details on each capability.
  • CAP_NET_ADMIN
  • CAP_NET_RAW
  • `CAP_SYS_ADMIN
  • CAP_SYS_PTRACE
  • CAP_SYS_CHROOT
  • CAP_MKNOD
  • CAP_SETFCAP
  • CAP_IPC_LOCK
  • The Prisma Cloud App-Embedded Defender requires CAP_SYS_PTRACE only.
  • If you have enabled the CNNS capabilities and are on v4.15.x kernel you must upgrade the kernel version to v5.4.x or later.
When running on a Docker host, Prisma Cloud Defender uses the following files/folder on the host:
  • /var/run/docker.sock — Required for accessing Docker runtime.
  • /var/lib/twistlock — Required for storing Prisma Cloud data.
  • /dev/log — Required for writing to syslog.

Docker Engine

Prisma Cloud supports only the versions of the Docker Engine supported by Docker itself. Prisma Cloud supports only the following official mainstream Docker releases and later versions.
Edition
Version
Community Edition (CE)
18.06.1
Community Edition (CE)
20.10.7
Community Edition (CE)
20.10.13
Enterprise Edition (EE)
19.03.4
Enterprise Edition (EE)
19.03.8
The following storage drivers are supported: * overlay2 * overlay * devicemapper are supported.
For more information, review Docker’s guide to select a storage driver.
The versions of Docker Engine listed apply to versions you independently install on a host. The versions shipped as a part of an orchestrator, such as Red Hat OpenShift, might defer. Prisma Cloud supports the version of Docker Engine that ships with any Prisma Cloud-supported version of the orchestrator.

Container Runtimes

Prisma Cloud supports several container runtimes depending on the orchestrator. Supported versions are listed in the orchestration section

Podman

Podman is a daemon-less container engine for developing, managing, and running OCI containers on Linux. The twistcli tool can use the preinstalled Podman binary to scan CRI images.
Podman v1.6.4, v3.4.2, v4.0.2

Helm

Helm is a package manager for Kubernetes that allows developers and operators to more easily package, configure, and deploy applications and services onto Kubernetes clusters.
Helm v3.10, v3.10.3, and 3.11 are supported.

Orchestrators

Prisma Cloud is supported on the following orchestrators. We support the following versions of official mainline vendor/project releases.

Supported Orchestrators on x86_64

Orchestrator
Version
Operating System
Image
Runtime
Kernel
Tested in
Notes
Azure Kubernetes Service (AKS)
v1.25.11
Linux
-
containerd://1.7.1+azure-1
-
31.01
Azure Kubernetes Service (AKS)
v1.26.6
Linux
-
containerd://1.7.1+azure-1
-
31.01
Azure Kubernetes Service (AKS)
1.27.3
Linux
-
containerd://1.7.1+azure-1
-
31.01
Azure Kubernetes Service (AKS)
1.27.1
Linux
-
containerd://1.7.1+azure-1
-
31.00
Azure Kubernetes Service (AKS)
1.26.6
Windows
containerd://1.6.21+azure
31.01
Azure Kubernetes Service (AKS)
1.26.3
Windows
containerd://1.6.21+azure
31.00
Elastic Kubernetes Service (EKS)
v1.23.9-eks-ba74326
-
-
containerd://1.6.6
-
31.01
Elastic Kubernetes Service (EKS)
v1.24.7-eks-fb459a0
-
-
containerd://1.6.6
-
31.01
Elastic Kubernetes Service (EKS)
v1.25.12-eks-2d98532
-
-
containerd://1.6.6
-
31.01
Elastic Kubernetes Service (EKS)
v1.26.2-eks-a59e1f0
-
-
containerd://1.6.6
-
31.01
Elastic Kubernetes Service (EKS)
1.27.3
-
-
containerd://1.6.19
-
31.01
Elastic Kubernetes Service (EKS)
1.27.3
-
-
containerd://1.6.19
-
31.00
Elastic Kubernetes Service (EKS) Bottlerocket
1.27.3
-
containerd://1.6.20+bottlerocket
-
31.01
Elastic Kubernetes Service (EKS) Bottlerocket
1.27.3
-
-
containerd://1.6.20+bottlerocket
-
31.00
Elastic Container Service (ECS)
1.75.0
-
al2023-ami-ecs-hvm-2023.0.20230809-kernel-6.1-x86_64
Docker version: 20.10.23
-
31.01
Elastic Container Service (ECS)
1.74.1
-
al2023-ami-ecs-hvm-2023.0.20230720-kernel-6.1-x86_64
Docker version: 20.10.23
-
31.00
Google Kubernetes Engine (GKE)
v1.23.17-gke.10700
containerd://1.5.18
31.01
Google Kubernetes Engine (GKE)
v1.24.16-gke.500
containerd://1.6.20
31.01
Google Kubernetes Engine (GKE)
v1.25.12-gke.500
containerd://1.6.18
31.01
Google Kubernetes Engine (GKE)
v1.26.7-gke.500
containerd://1.6.18
31.01
Google Kubernetes Engine (GKE)
1.27.4-gke.904
containerd://1.7.6
31.01
Google Kubernetes Engine (GKE)
1.27.3-gke.100
containerd://1.7.0
31.00
Google Kubernetes Engine (GKE) autopilot
1.26.5-gke.1200
-
-
containerd://1.6.18
-
31.01
Custom Compliance and Prevent (Runtime) are not supported.
Google Kubernetes Engine (GKE) autopilot
1.26.5-gke.1200
-
-
containerd://1.6.18
-
31.00
Custom Compliance and Prevent (Runtime) are not supported.
Kubernetes (k8s)
1.28.1
-
-
containerd://1.6.22
-
31.01
Kubernetes (k8s)
1.27.4
-
-
containerd://1.6.22
-
31.00
Kubernetes (k8s)
1.28.1
cri-o://1.28.1
-
31.01
Kubernetes (k8s)
1.27.4
cri-o://1.27.1
-
31.00
Lightweight Kubernetes (k3s)
v1.27.4+k3s1
containerd://1.7.1-k3s1
31.00
Lightweight Kubernetes (k3s)
v1.27.4+k3s1
containerd://1.7.1-k3s1
31.00
OpenShift
4.11
cri-o://1.24.1-11.rhaos4.11.gitb0d2ef3.el8
31.01
OpenShift
4.12
cri-o://1.25.1-5.rhaos4.12.git6005903.el8
31.01
OpenShift
4.13.3
cri-o://1.26.3-9.rhaos4.13.git9232b13.el9
31.01
OpenShift
4.12
-
-
crio://1.25.1-5.rhaos4
-
31.00
VMware Tanzu Application Service (TAS)
4.00
Linux
-
-
31.01
Agentless scan not supported
VMware Tanzu Application Service (TAS)
4.00
Linux
-
-
31.00
Agentless scan not supported
VMware Tanzu Application Service (TAS)
4.00
Windows
-
-
-
31.01
Agentless scan not supported
VMware Tanzu Application Service (TAS)
4.00
Windows
-
-
-
31.00
Agentless scan not supported
VMware Tanzu Kubernetes Grid Multicloud (TKGM)
1.25.7+vmware.2
VMware Photon 3 OS/Linux
-
containerd:1.6.18-1
4.19.272.5.ph3
31.01
TKGM platform version: 1.6.0 Agentless scan not supported
VMware Tanzu Kubernetes Grid Multicloud (TKGM)
v1.23.8+vmware.2
VMware Photon 3 OS/Linux
-
containerd://1.6.6
4.19.247-7.ph3
31.00
TKGM platform version: 1.6.0 Agentless scan not supported
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
v1.26.5+vmware.1
Ubuntu 22.04.1 LTS
containerd://1.6.18-1-gdbc99e5b1
5.19.0-50-generic
31.01
TKGI platform version: 1.16.0 Agentless scan not supported
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)
v1.25.10+vmware.1
Ubuntu 22.04.1 LTS
containerd://1.6.18
5.19.0-50-generic
31.00
TKGI platform version: 1.16.0 Agentless scan not supported
RKE2
1.27.4+rke2r1
-
-
containerd://1.7.1-k3s1
-
31.01
RKE2
1.27.4+rke2r1
-
-
containerd://1.7.1-k3s1
-
31.00
TalOS
1.26.3
-
-
containerd://1.6.23
6.1.46-talos
31.01
Agentless scan not supported
TalOS
1.26.3
-
-
containerd://1.6.21
6.1.41-talos
31.00
Agentless scan not supported

Supported Orchestrators on ARM64

Prisma Cloud supports the official releases of the following orchestrators for the ARM64 architecture.
Orchestrator
Version
Operating System
Image
Runtime
Kernel
Tested in
Elastic Container Service (ECS)
1.75.0
-
AMI-Name: al2023-ami-ecs-hvm-2023.0.20230809-kernel-6.1-arm64
Docker 20.10.23
31.01
Elastic Container Service (ECS)
1.74.1
-
AMI-Name: al2023-ami-ecs-hvm-2023.0.20230720-kernel-6.1-arm64
Docker 20.10.23
31.00
Elastic Kubernetes Service (EKS)
1.27.3
-
-
containerd: 1.6.19
31.01
Elastic Kubernetes Service (EKS)
1.27.3
-
-
containerd: 1.6.19
31.00
Google Kubernetes Engine (GKE) autopilot on ARM
1.26.5-gke.1400
-
containerd: 1.6.18
-
31.01
Google Kubernetes Engine (GKE) on ARM
1.27.3-gke.1700
-
containerd: 1.7.0
-
31.01
Google Kubernetes Engine (GKE) on ARM
1.27.3-gke.100
-
containerd: 1.7.0
-
31.00
Kubernetes
1.28.1
-
-
containerd: 1.6.21
-
31.01
Kubernetes
1.27.3
-
-
containerd: 1.6.21
-
31.00

Istio

Prisma Cloud supports Istio 1.16.1.

Jenkins

Prisma Cloud was tested with Jenkins 2.346.3 and the 2.361.4 container version.
The Prisma Cloud Jenkins plugin supports Jenkins LTS releases greater than 2.319.1. For any given release of Prisma Cloud, the plugin supports those Jenkins LTS releases supported by the Jenkins project at the time of the Prisma Cloud release.
The Jenkins plugin is not supported on ARM64 architecture.

Image Base Layers

Prisma Cloud can protect containers built on nearly any base layer operating system. Comprehensive Common Vulnerabilities and Exposures (CVE) data is provided for the following base layers for all versions except EOL versions:
  • Alpine
  • Amazon Linux 2
  • BusyBox
  • CentOS
  • Debian
  • Red Hat Enterprise Linux
  • SUSE
  • Ubuntu (LTS releases only)
  • Windows Server
If a CVE doesn’t have an architecture identifier, the CVE is related to all architectures.

Serverless Runtimes

Prisma Cloud offers multiple features to help you secure your serverless runtimes on AWS, Azure, and GCP. The following sections show the supported languages for each feature available for serverless scanning in each cloud service provider.

Vulnerability Scanning

Feature
Platform
Language
Versions
Conditions
Vulnerability scanning
AWS
Node.js
12
-
Vulnerability scanning
AWS
Node.js
14
-
Vulnerability scanning
AWS
Node.js
16
-
Vulnerability scanning
AWS
Node.js
18
-
Vulnerability scanning
Azure
Node.js
16
-
Vulnerability scanning
GCP
Node.js
6
-
Vulnerability scanning
AWS
Python
3.7
-
Vulnerability scanning
AWS
Python
3.8
-
Vulnerability scanning
AWS
Python
3.9
-
Vulnerability scanning
Azure
Python
3.8
-
Vulnerability scanning
GCP
Python
3.7
-
Vulnerability scanning
AWS
Java
8
-
Vulnerability scanning
AWS
Java
11
-
Vulnerability scanning
Azure
Java
8
-
Vulnerability scanning
AWS
Ruby
2.7
-
Vulnerability scanning
AWS
C#
3.1
Deprecated in 30.01

Compliance Scanning

Feature
Platform
Language
Versions
Conditions
Compliance scanning
AWS
Node.js
12
Full scans available
Compliance scanning
AWS
Node.js
14
Full scans available
Compliance scanning
AWS
Node.js
16
Full scans available
Compliance scanning
AWS
Node.js
18
Full scans available
Compliance scanning
AWS
Python
3.7
Full scans available
Compliance scanning
AWS
Python
3.8
Full scans available
Compliance scanning
AWS
Python
3.9
Full scans available
Compliance scanning
AWS
C#
3.1
Deprecated in 30.01
Compliance scanning
AWS
C#
5.0
Full scans available
Compliance scanning
AWS
C#
6.0
Full scans available
Compliance scanning
AWS
Java
8
Limited scans available
Compliance scanning
AWS
Java
11
Limited scans available
Compliance scanning
AWS
Ruby
2.7
Limited scans available
Compliance scanning
AWS
Go
1.x
Limited scans available
Compliance scanning
Azure
Python
3.8
Limited scans available
Compliance scanning
GCP
Python
3.7
Limited scans available

Runtime Protection with Defender

Feature
Platform
Language
Versions
Conditions
Runtime protection with Defender
AWS
Node.js
12
Runtime protection with Defender
AWS
Node.js
14
Runtime protection with Defender
AWS
Node.js
16
Runtime protection with Defender
AWS
Node.js
18
Runtime protection with Defender
AWS
Python
3.7
Runtime protection with Defender
AWS
Python
3.8
Runtime protection with Defender
AWS
Python
3.9
Runtime protection with Defender
AWS
Java
8
Runtime protection with Defender
AWS
Java
11
Runtime protection with Defender
AWS
C#
3.1
Deprecated in 30.01
Runtime protection with Defender
AWS
C#
6.0
Runtime protection with Defender
AWS
Ruby
2.7
Runtime protection with Defender
Azure
C#
6.0
Runtime protection with Defender
GCP
-
-
Not available

WaaS with Defender

Feature
Platform
Language
Versions
Conditions
WAAS with Defender
AWS
Node.js
14
WAAS with Defender
AWS
Node.js
16
WAAS with Defender
AWS
Node.js
18
WAAS with Defender
AWS
Python
3.7
WAAS with Defender
AWS
Python
3.8
WAAS with Defender
AWS
Python
3.9
WAAS with Defender
AWS
Python
"3.10"
WAAS with Defender
AWS
Ruby
2.7
WAAS with Defender
AWS
Java
8
WAAS with Defender
AWS
Java
11
WAAS with Defender
AWS
Java
11
WAAS with Defender
Azure
-
-
Not available
WAAS with Defender
GCP
-
-
Not available

Auto-Defend

Feature
Platform
Language
Versions
Conditions
Auto-Defend
AWS
Node.js
12
Auto-Defend
AWS
Node.js
14
Auto-Defend
AWS
Python
3.7
Auto-Defend
AWS
Python
3.8
Auto-Defend
AWS
Python
3.9
Auto-Defend
AWS
Ruby
2.7
Auto-Defend
Azure
-
-
Not available
Auto-Defend
GCP
-
-
Not available

Go

Prisma Cloud can detect vulnerabilities in Go executables for Go versions 1.13 and greater.

Shells

For Linux, Prisma Cloud depends on the Bash shell. For Windows, Prisma Cloud depends on PowerShell.
The shell environment variable DOCKER_CONTENT_TRUST should be set to 0 or unset before running any commands that interact with the Prisma Cloud cloud registry, such as Defender installs or upgrades.

Browsers

Prisma Cloud supports the latest versions of Chrome, Safari, and Edge.
For Microsoft Edge, only the new Chromium-based version (80.0.361 and later) is supported.

Cortex XDR

Prisma Cloud Defenders can work alongside Cortex XDR agents. Currently, users need to manually add exceptions in Console for both agents to work together. In a future release, there will be out-of-the-box support for co-existence. Users can disable the Defender runtime defense when a Cortex XDR agent is present.
To allow for both the solutions to co-exist:
  1. Add the Cortex agent as a trustable executable. For more information, see to Creating a trusted executable.
  2. Suppress runtime alerts from the Cortex agent by adding custom runtime rules that allow the Cortex agent process and file path.

Recommended For You