twistcli
Prisma Cloud ships a command-line configuration and control tool known as twistcli.
It is supported on Linux, macOS, and Windows.
Installing twistcli
The twistcli tool is delivered with every Prisma Cloud release.
It is statically compiled, so it does not have any external dependencies, and it can run on any Linux host.
No special installation is required.
To run it, simply copy it to a host, and give it executable permissions.
You need sudo privileges to run the twistcli command.
The twistcli tool is available from the following sources.
- You can download it from the API, which is a typical use case for automated workflows. For more information, see the /api/v1/util endpoint.
The requirements for running twistcli are:
- The host running twistcli must be able to connect to the Prisma Cloud Console over the network.
- For image scanning, Docker Engine must be installed on the executing machine.
Connectivity to Console
Most twistcli functions require connectivity to Console.
All example commands specify a variable called COMPUTE_CONSOLE, which represents the address for your Console.
To get the address for your Console, go to
Compute > Manage > System > Utilities
, and copy the string under Path to Console
.Functions
The twistcli tool supports the following functions:
- console — Installs and uninstalls Console into a cluster. Kubernetes and OpenShift are supported. You can also export Kubernetes or OpenShift deployment files in YAML format.
- defender — Installs and uninstalls Defender into a cluster. Kubernetes and OpenShift are supported. Defender is installed as a daemon set (Kubernetes, OpenShift) which means one Defender is always automatically deployed to each node in the cluster. You can also export a Kubernetes or OpenShift deployment file in YAML format.
- hosts — Scans hosts for vulnerabilities and compliance issues.
- images — Scans container images for vulnerabilities and compliance issues. Because it runs from the command line, you can easily integrate Prisma Cloud’s scanning capabilities into your CI/CD pipeline.
- intelligence — Retrieves the latest threat data from the Prisma Cloud Intelligence Stream, and push those updates to a Prisma Cloud installation running in an air-gapped environment.
- tas — Scans VMware Tanzu droplets.
- app-embedded — Embed the App Embedded Defender into a Dockerfile.
- restore — Restore Console to the state stored in the specified backup file. An automated backup system (enabled by default) creates and maintains daily, weekly, and monthly backups. Additional backups can be made at any point in time from the Console UI.
- serverless — Scans serverless functions for vulnerabilities.
- support — Streamlines the process of collecting and sending debug information to Prisma Cloud’s support team. Collects log data from a node and uploads it to Prisma Cloud’s support area.
Capabilities
The twistcli tool offers feature parity across all supported operating systems, with a few exceptions.
The following table highlights where functions are disabled, or work differently, on a given platform.