twistcli
Prisma Cloud ships a command-line configuration and control tool known as twistcli.
It is supported on Linux, macOS, and Windows.
Installing twistcli
The twistcli tool is delivered with every Prisma Cloud release.
It is statically compiled, so it does not have any external dependencies, and it can run on any Linux host.
No special installation is required.
To run it, simply copy it to a host, and give it executable permissions.
You need sudo privileges to run the twistcli command.
The twistcli tool is available from the following sources.
- You can download it from the API, which is a typical use case for automated workflows. For more information, see the /api/v1/util endpoint.
The requirements for running twistcli are:
- The host running twistcli must be able to connect to the Prisma Cloud Console over the network.
- For image scanning, Docker Engine must be installed on the executing machine.
Connectivity to Console
Most twistcli functions require connectivity to Console.
All example commands specify a variable called COMPUTE_CONSOLE, which represents the address for your Console.
To get the address for your Console, go to Compute > Manage > System > Utilities, and copy the string under Path to Console.
Functions
The twistcli tool supports the following functions:
- console — Installs and uninstalls Console into a cluster. Kubernetes and OpenShift are supported. You can also export Kubernetes or OpenShift deployment files in YAML format.
- defender — Installs and uninstalls Defender into a cluster. Kubernetes and OpenShift are supported. Defender is installed as a daemon set (Kubernetes, OpenShift) which means one Defender is always automatically deployed to each node in the cluster. You can also export a Kubernetes or OpenShift deployment file in YAML format.
- hosts — Scans hosts for vulnerabilities and compliance issues.
- images — Scans container images for vulnerabilities and compliance issues. Because it runs from the command line, you can easily integrate Prisma Cloud’s scanning capabilities into your CI/CD pipeline.
- intelligence — Retrieves the latest threat data from the Prisma Cloud Intelligence Stream, and pushes those updates to a Prisma Cloud installation running in an air-gapped environment.
- tas — Scans VMware Tanzu droplets.
- app-embedded — Embeds the App-Embedded Defender into a Dockerfile.
- restore — Restores Console to the state stored in the specified backup file. An automated backup system (enabled by default) creates and maintains daily, weekly, and monthly backups. Additional backups can be made at any point in time from the Console UI.
- serverless — Scans serverless functions for vulnerabilities.
- support — Streamlines the process of collecting and sending debug information to Prisma Cloud’s support team. Collects log data from a node and uploads it to Prisma Cloud’s support area.
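As an added example (not part of this page, and not Prisma Cloud's own tooling), the following POSIX shell script carries out the procedure the sections above describe as a CI step: it downloads twistcli from the Console's /api/v1/util endpoint, gives it executable permissions, checks the stated requirements (Docker Engine on the executing host, the Console address and credentials set), and runs an image scan against the Console named by COMPUTE_CONSOLE. The --address, --user, --password and --details flags and the /api/v1/util/twistcli download path are taken from twistcli's documented interface rather than from this page; PC_USER, PC_PASSWORD and IMAGE are variable names chosen here, and COMPUTE_CONSOLE is assumed to hold the full Path to Console string including the scheme.

```shell
#!/bin/sh
# Added example, not code from the Prisma Cloud documentation.
# Fetches twistcli from a Console and scans one image in a CI step.
# Assumed (documented twistcli interface, not this page): the download
# path /api/v1/util/twistcli and the flags --address, --user, --password,
# --details. PC_USER, PC_PASSWORD and IMAGE are names chosen for this example.
set -eu

# Build the download URL for the Linux twistcli binary from the Console
# address (the Path to Console string, e.g. https://console.example.com:8083).
twistcli_download_url() {
    printf '%s/api/v1/util/twistcli\n' "${1%/}"
}

# Return 1 (with a message) when the named variable is unset or empty.
require_var() {
    name="$1"
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
        echo "error: $name is not set" >&2
        return 1
    fi
    return 0
}

# Return 1 when a required tool is not on PATH.
check_tool() {
    command -v "$1" >/dev/null 2>&1 || {
        echo "error: $1 not found in PATH" >&2
        return 1
    }
}

# Download twistcli next to the script and make it executable, which is all
# the installation the tool needs (it is statically compiled).
fetch_twistcli() {
    url=$(twistcli_download_url "$COMPUTE_CONSOLE")
    curl -fsS --user "$PC_USER:$PC_PASSWORD" -o ./twistcli "$url"
    chmod +x ./twistcli
}

# Scan one image with per-vulnerability details; twistcli's exit status
# becomes this function's exit status, so a failing scan fails the step.
scan_image() {
    ./twistcli images scan --address "$COMPUTE_CONSOLE" \
        --user "$PC_USER" --password "$PC_PASSWORD" --details "$1"
}

main() {
    require_var COMPUTE_CONSOLE
    require_var PC_USER
    require_var PC_PASSWORD
    require_var IMAGE
    check_tool docker   # image scanning needs Docker Engine on this host
    check_tool curl
    fetch_twistcli
    scan_image "$IMAGE"
}

# Run the pipeline only when invoked with the variables set; otherwise
# print usage so the functions above can be sourced and reused.
if [ -n "${COMPUTE_CONSOLE:-}" ] && [ -n "${IMAGE:-}" ]; then
    main
else
    echo "usage: COMPUTE_CONSOLE=https://host:8083 PC_USER=... PC_PASSWORD=... IMAGE=repo/name:tag $0" >&2
fi
```

Run it from a CI job with the four variables supplied from the job's secret store rather than written into the pipeline definition; because scan_image propagates twistcli's exit status, the job fails exactly when the scan does, which is what wires the Console's policy decisions into the build.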
Capabilities
The twistcli tool offers feature parity across all supported operating systems, with a few exceptions.
The following table highlights where functions are disabled, or work differently, on a given platform.
twistcli | Platform | | | | | |
---|---|---|---|---|---|---|
Command | Subcommand | Linux | Linux ARM64 | macOS | macOS ARM64 | Windows |
1. Prisma Cloud doesn’t support deployment to macOS hosts, so there is no support for scanning macOS hosts.
2. Scans Linux images on macOS hosts. Docker for Mac must be installed.
3. Twistcli can scan Windows images on Windows Server 2016 and Windows Server 2019 hosts. To scan Linux images on Windows, install Docker Machine on Windows with the Microsoft Hyper-V driver. Twistcli does not support scanning Linux images on Windows hosts with Docker for Windows.
4. The support dump function collects Console’s logs when Console malfunctions. Copy twistcli to the host where Console runs, then execute twistcli support dump. Defender logs can be retrieved directly from the Console UI under Manage > Defenders > Manage.
5. IaC scanning is only available with Prisma Cloud Enterprise Edition.
For a comprehensive list of supported options for each subcommand, run:
$ twistcli <COMMAND> --help
Install support
Installing Console and Defender via twistcli is supported on several cluster types.
The following table highlights the available support:
1. Stand-alone refers to installing an instance of Console or Defender onto a single host that isn’t part of a cluster. For stand-alone installations of Console, use the twistlock.sh script to install Onebox.
The twistcli console install command for Kubernetes and OpenShift combines two steps into a single command to simplify how Console is deployed.
This command internally generates a YAML configuration file and then creates Console’s resources with kubectl create in a single shot.
This command is only supported on Linux.
Use it when you don’t need a copy of the YAML configuration file.
Otherwise, use twistcli console export.