twistcli

Prisma Cloud ships a command-line configuration and control tool known as twistcli. It is supported on Linux, macOS, and Windows.

Installing twistcli

The twistcli tool is delivered with every Prisma Cloud release. It is statically compiled, so it does not have any external dependencies, and it can run on any Linux host. No special installation is required. To run it, simply copy it to a host, and give it executable permissions.
The twistcli tool is available from a number of places:
  • It can be downloaded from the Console UI. Go to Manage > System > Downloads.
  • It can be downloaded from the API, which is the typical use case for automated workflows. For more information, see the /api/v1/util endpoint.
The requirements for running twistcli are:
  • twistcli must be able to connect to Console over the network from the host where it runs.
  • For image scanning, Docker Engine must be installed on the executing machine.

Connectivity to Console

Most twistcli functions require connectivity to Console. All example commands specify a variable called COMPUTE_CONSOLE, which represents the address for your Console.
To get the address for your Console, go to Compute > Manage > System > Downloads, and copy the string under Path to Console.

Functions

The twistcli tool supports the following functions:
  • console — Installs and uninstalls Console into a cluster. Kubernetes, OpenShift, and Docker Swarm are supported. You can also export Kubernetes or OpenShift deployment files in YAML format.
  • defender — Installs and uninstalls Defender into a cluster. Kubernetes, OpenShift, and Docker Swarm are supported. Defender is installed as either a daemon set (Kubernetes, OpenShift) or a global service (Docker Swarm), which means one Defender is always automatically deployed to each node in the cluster. You can also export a Kubernetes or OpenShift deployment file in YAML format.
  • hosts — Scans hosts for vulnerabilities and compliance issues.
  • images — Scans container images for vulnerabilities and compliance issues. Because it runs from the command line, you can easily integrate Prisma Cloud’s scanning capabilities into your CI/CD pipeline.
  • intelligence — Retrieves the latest threat data from the Prisma Cloud Intelligence Stream, and pushes those updates to a Prisma Cloud installation running in an air-gapped environment.
  • pcf — Scans Pivotal Cloud Foundry droplets.
  • app-embedded — Embeds the App Embedded Defender into a Dockerfile.
  • restore — Restores Console to the state stored in the specified backup file. An automated backup system (enabled by default) creates and maintains daily, weekly, and monthly backups. Additional backups can be made at any point in time from the Console UI.
  • serverless — Scans serverless functions for vulnerabilities.
  • iac — Scans Infrastructure-as-Code (IaC) templates for potential issues and misconfigurations. Learn more about Prisma Cloud’s IaC scanning capability.
  • support — Streamlines the process of collecting and sending debug information to Prisma Cloud’s support team. Collects log data from a node and uploads it to Prisma Cloud’s support area.
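As an added example (not from the Prisma Cloud documentation), the CI step below ties together the pieces described above: it takes the Console address from COMPUTE_CONSOLE, fetches twistcli through the /api/v1/util endpoint, checks that Docker Engine is present, and runs an images scan whose non-zero exit fails the stage. The /api/v1/util/twistcli path and the --address, --user, --password and --details flags come from the tool's own --help output rather than from this page, and PC_USER and PC_PASS are assumed CI secrets.

```shell
#!/usr/bin/env bash
# Added example, not part of the Prisma Cloud docs: a CI step that downloads
# twistcli from Console and scans a freshly built image.
# Assumptions: COMPUTE_CONSOLE, PC_USER and PC_PASS are CI secrets; the
# /api/v1/util/twistcli path and the scan flags come from `twistcli --help`.
set -eu

# Normalise the address copied from Manage > System > Downloads: insist on
# https:// (credentials travel with every call) and drop a trailing slash.
normalize_console() {
  local addr="${1%/}"
  case "$addr" in
    https://*) printf '%s\n' "$addr" ;;
    *) echo "COMPUTE_CONSOLE must start with https://" >&2; return 1 ;;
  esac
}

# Location of the statically compiled twistcli binary served by Console.
twistcli_url() {
  local base
  base="$(normalize_console "$1")" || return 1
  printf '%s/api/v1/util/twistcli\n' "$base"
}

# Fetch twistcli and mark it executable; nothing else needs installing.
fetch_twistcli() {
  local console="$1" user="$2" pass="$3" dest="${4:-./twistcli}" url
  url="$(twistcli_url "$console")" || return 1
  curl --fail --silent --show-error -u "${user}:${pass}" -o "$dest" "$url"
  chmod +x "$dest"
}

# Scan one image. Docker Engine must be present on the runner, and twistcli
# exits non-zero when the Console policy says the image fails, which fails
# the CI stage without any extra output parsing.
scan_image() {
  local console="$1" user="$2" pass="$3" image="$4"
  command -v docker >/dev/null 2>&1 || {
    echo "Docker Engine is required for image scanning" >&2; return 1; }
  ./twistcli images scan --address "$(normalize_console "$console")" \
      --user "$user" --password "$pass" --details "$image"
}

# Usage (constructed image name): ./ci-scan.sh registry.example.com/app:1.2.3
if [ "$#" -eq 1 ]; then
  fetch_twistcli "$COMPUTE_CONSOLE" "$PC_USER" "$PC_PASS"
  scan_image "$COMPUTE_CONSOLE" "$PC_USER" "$PC_PASS" "$1"
fi
```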

Capabilities

The twistcli tool offers feature parity across all supported operating systems, with a few exceptions. The following table highlights where functions are disabled, or work differently, on a given platform.

twistcli Platform

| Command      | Subcommand | Linux | macOS   | Windows |
|--------------|------------|-------|---------|---------|
| console      | export     | Yes   | Yes     | Yes     |
| console      | install    | Yes   | No      | No      |
| console      | uninstall  | Yes   | No      | No      |
| defender     | export     | Yes   | Yes     | Yes     |
| defender     | install    | Yes   | No      | No      |
| defender     | uninstall  | Yes   | No      | No      |
| hosts        | scan       | Yes   | No (1)  | No      |
| images       | scan       | Yes   | Yes (2) | Yes (3) |
| intelligence | upload     | Yes   | Yes     | Yes     |
| intelligence | download   | Yes   | Yes     | Yes     |
| pcf          | scan       | Yes   | No      | No      |
| app-embedded | embed      | Yes   | Yes     | Yes     |
| restore      |            | Yes   | No      | No      |
| serverless   | scan       | Yes   | Yes     | Yes     |
| iac (5)      | scan       | Yes   | Yes     | Yes     |
| support      | dump       | Yes   | No (4)  | No (4)  |
| support      | upload     | Yes   | Yes     | Yes     |

(1) Prisma Cloud doesn’t support deployment to macOS hosts, so there is no support for scanning macOS hosts.
(2) Scans Linux images on macOS hosts. Docker for Mac must be installed.
(3) Twistcli can scan Windows images on Windows Server 2016 and Windows Server 2019 hosts. To scan Linux images on Windows, install Docker Machine on Windows with the Microsoft Hyper-V driver. Twistcli does not support scanning Linux images on Windows hosts with Docker for Windows.
(4) The support dump function collects Console’s logs when Console malfunctions. Copy twistcli to the host where Console runs, then execute twistcli support dump. Defender logs can be retrieved directly from the Console UI under Manage > Defenders > Manage.
(5) IaC scanning is only available with Prisma Cloud Enterprise Edition.
For a comprehensive list of supported options for each subcommand, run:
$ twistcli <COMMAND> --help

Install support

Installing Console and Defender via twistcli is supported on several cluster types. The following table highlights the available support:

twistcli Platform

| Command  | Subcommand | Stand-alone (1) | Kubernetes | OpenShift | Swarm | Amazon ECS | DC/OS | Windows |
|----------|------------|-----------------|------------|-----------|-------|------------|-------|---------|
| console  | export     | No              | Yes        | Yes       | No    | No         | No    | No      |
| console  | install    | No              | Yes        | Yes       | Yes   | No         | No    | No      |
| console  | uninstall  | No              | Yes        | Yes       | Yes   | No         | No    | No      |
| defender | export     | No              | Yes        | Yes       | Yes   | No         | Yes   | No      |
| defender | install    | No              | Yes        | Yes       | Yes   | No         | No    | No      |
| defender | uninstall  | No              | Yes        | Yes       | Yes   | No         | No    | No      |

(1) Stand-alone refers to installing an instance of Console or Defender onto a single host that isn’t part of a cluster. For stand-alone installations of Console, use the twistlock.sh script to install Onebox. For stand-alone installations of Defender, log into Console, go to Manage > Defenders > Deploy, and generate an install command.
The twistcli console install command for Kubernetes and OpenShift combines two steps into a single command to simplify how Console is deployed. This command internally generates a YAML configuration file and then creates Console’s resources with kubectl create in a single shot. This command is only supported on Linux. Use it when you don’t need a copy of the YAML configuration file. Otherwise, use twistcli console export.
