Releases
Select Guide ▼
Compute Edition 20.09 (Self-Hosted)
Enterprise Edition (SaaS)
Reference Architecture
Operationalize Guide
Troubleshooting
Historical Documentation
Integrations
Palo Alto Networks Tech Docs
Toggle nav
Docs
Prisma Cloud Enterprise Edition (SaaS)
How-to guides
Howto
Edit on GitHub
Search
Welcome
Welcome
Getting started
Upgrade announcements
Compute SaaS maintenance updates
NAT gateway IP addresses
Product architecture
Licensing
Prisma Cloud Enterprise Edition vs Compute Edition
Utilities and plugins
Install
Install
Getting started
System requirements
Prisma Cloud container images
Kubernetes
OpenShift 4
OpenShift 3.11
VMware Tanzu Kubernetes Grid
Amazon ECS
Docker Swarm
DC/OS
Windows
Defender types
Install Defender
Install Defender
Single Container Defender
Cluster Container Defender
App Embedded Defender
App Embedded Defender for Fargate
Defender for VMWare Tanzu TAS
Serverless Defender (auto-protect)
Serverless Defender
Serverless Defender (Lambda layer)
Host Defender
Deploy Defender from GCP Marketplace
Decommission single Container Defender
Upgrade
Upgrade
Upgrade process
Kubernetes
OpenShift
Helm charts
Docker Swarm
Amazon ECS
Manually upgrade single Container Defenders
Manually upgrade Defender DaemonSets
Manually upgrade Defender DaemonSets (Helm)
Manually upgrade Swarm Defender global service
Technology overviews
Technology overviews
Prisma Cloud Advanced Threat Protection
App-specific network intelligence
Container runtimes
Radar
Serverless Radar
Prisma Cloud rules guide for Docker
Defender architecture
Telemetry
Configure
Configure
Rule ordering and pattern matching
Disaster recovery
Custom feeds
Proxy configuration
Configure scan intervals
User certificate validity period
Enable HTTP access to Console
Set different paths for Console and Defender (with daemon sets)
Authenticate to Console with certificates
Customize terminal output
Collections
Tags
Credentials store
Authentication
Authentication
Access keys
Prisma Cloud user roles
Compute user roles
Assign roles
Credentials store
Vulnerability management
Vulnerability management
Vulnerability Explorer
Vulnerability management rules
Search CVEs
Scan reports
Customize image scanning
Registry scanning
Configuring registry scans
Registry scanning
Alibaba Cloud Container Registry
Amazon EC2 Container Registry
Azure Container Registry
Docker Registry v2 (including Docker Hub)
Google Container Registry
Harbor
IBM Cloud Container Registry
JFrog Artifactory Docker Registry
OpenShift integrated Docker registry
Webhooks
VM image scanning
Code repository scanning
Malware scanning
Risk trees
Detect vulnerabilities in unpackaged software
CVSS scoring
Google Cloud Container Builder
Windows image scanning
Serverless function scanning
VMWare Tanzu blobstore scanning
Access control
Access control
Docker role-based access control
Open Policy Agent
Compliance
Compliance
Compliance Explorer
Manage compliance
CIS Benchmarks
Prisma Cloud compliance checks
Serverless functions
Windows compliance checks
Custom compliance checks
Extensible compliance checks
Trusted images
Host scanning
VM image scanning
Detect secrets
Cloud discovery
Runtime defense
Runtime defense
Runtime defense overview
Runtime defense for processes
Runtime defense for networking
Runtime defense for file systems
Runtime defense for hosts
Custom runtime rules
Blocked containers
Import and export individual rules
Discrete blocking
Fargate
Incident Explorer
Incident types
Incident types
Backdoor admin accounts
Backdoor SSH access
Brute force
Crypto miners
Data exfiltration
Hijacked processes
Kubernetes attack
Lateral movement
Port scanning
Service violation
Continuous integration
Continuous integration
Jenkins plugin
Jenkins Freestyle project
Jenkins Maven project
Jenkins Pipeline project
Run Jenkins in a container
Jenkins pipeline on K8S
CloudBees Core pipeline on K8S
Set policy in the CI plugins
Firewalls
Firewalls
Web-Application and API Security (WAAS)
Deploy Web-Application and API Security (WAAS)
Cloud Native Network Firewall (CNNF)
Secrets
Secrets
Secrets manager
Integrate with a secrets store
Secrets stores
Secrets stores
AWS Secrets Manager
AWS Systems Manager Parameters Store
Azure Key Vault
CyberArk Enterprise Password Vault
HashiCorp Vault
Inject secrets into containers
Injecting secrets example
Alerts
Alerts
Alert mechanism
AWS Security Hub
Cortex XSOAR
Email
Google Cloud Pub/Sub
Google Cloud SCC
IBM Cloud Security Advisor
JIRA
PagerDuty
ServiceNow Security Incident Response
ServiceNow Vulnerability Response
Slack
Webhook
Audit
Audit
Event viewer
Host activity
Admin activity
Annotate audits
Delete audit logs
Syslog and stdout integration
Log rotation
Throttling
Prometheus
Kubernetes auditing
Tools
Tools
twistcli
Scan images with twistcli
Scan IaC files with twistcli
Deployment patterns
Deployment patterns
DNS and certificate management
Caps
Performance planning
API
API
Stability guide
Access the API
Automate Defender install
Manage compliance policies
20.09 porting guide
How-to guides
Howto
Deploy Defenders External to an OpenShift cluster
Disable automatic learning
Review debug logs
Howto
1. Overview
1. Overview
This section contains guides for deploying various advanced setups.