1. Overview

Prisma Cloud scans all hosts where Defender is installed.

Defender scans hosts for the following types of vulnerabilities:

  • Host configuration: Vulnerabilities in the host setup.

  • Docker daemon configuration: Vulnerabilities that stem from misconfiguring your Docker daemons. The Docker daemon derives its configuration from various files, including /etc/sysconfig/docker or /etc/default/docker. Misconfigured daemons affect all container instances on a host.

  • Docker daemon configuration files: Vulnerabilities that arise when critical configuration files are not secured with the correct permissions.

  • Docker security operations: Recommendations and reminders for extending your current security best practices to include containers.
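To make the "Docker daemon configuration files" category concrete, the following added example (not Prisma Cloud's own check and not part of the original page) audits the two files named above. The policy of root:root ownership with mode 644 or more restrictive, and the function names audit_file and audit_docker_config, are assumptions chosen for illustration; GNU stat is required.

```shell
#!/bin/sh
# Added example: audit ownership and mode of Docker daemon configuration files.
# Assumed policy (not taken from the page): owner root:root, mode 644 or stricter.
# Requires GNU stat (coreutils). Run audit_docker_config as root on the host.

# audit_file PATH [OWNER] [MAX_MODE]
# Prints one result line; returns 0 = pass, 1 = fail, 2 = file not present.
audit_file() {
    path=$1
    want_owner=${2:-root:root}
    max_mode=${3:-644}

    if [ ! -e "$path" ]; then
        echo "SKIP $path (not present)"
        return 2
    fi

    # -L follows symlinks so the real file is checked, not the link.
    owner=$(stat -L -c '%U:%G' -- "$path") || return 1
    mode=$(stat -L -c '%a' -- "$path") || return 1

    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $path owner is $owner, expected $want_owner"
        rc=1
    fi
    # Any bit set outside max_mode (setuid/setgid/sticky included) is a failure.
    extra=$(( 0$mode & ~0$max_mode & 07777 ))
    if [ "$extra" -ne 0 ]; then
        echo "FAIL $path mode is $mode, expected $max_mode or more restrictive"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "PASS $path ($owner, $mode)"
    fi
    return "$rc"
}

# Checks the two files named in the list above; returns 1 if any check fails.
audit_docker_config() {
    failed=0
    for f in /etc/default/docker /etc/sysconfig/docker; do
        status=0
        audit_file "$f" || status=$?
        if [ "$status" -eq 1 ]; then failed=1; fi
    done
    return "$failed"
}
```

A file that does not exist on the host is reported as SKIP and does not count as a failure, since distributions ship only one of the two paths.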

2. Reviewing host scan reports

Prisma Cloud lets you filter the displayed hosts by searching for specific hosts or by collection. Collections support AWS tags. When creating new collections, specify the tags you want to use for filtering in the Labels field.

  1. Open Console, then go to Monitor > Compliance > Hosts > Running Hosts.

  2. Click on a host in the list.

    A report for the compliance issues on the host is shown.

    All vulnerabilities identified in the latest host scan can be exported to a CSV file by clicking on the CSV button in the top right of the table.