1. Overview

Install Host Defender on each host that you want Prisma Cloud to protect.

Single Host Defenders can be configured in the Console UI, and then deployed with a curl-bash script. Alternatively, you can use twistcli to configure and deploy Defender directly on a host.

2. Install a Host Defender (Console UI)

Host Defenders are installed with a curl-bash script. Install Host Defender on each host that you want Prisma Cloud to protect.

Prerequisites:

  • Your system meets all minimum system requirements.

  • You have already installed Console, and it can be accessed over the network from the host where you want to install Defender.

  • Port 8084 is open on the host where Defender runs. Console and Defender communicate with each other over a web socket on port 8084. Port 8084 is the default communication port, but you can specify your own custom port when deploying a Defender.

  • You have sudo access to the host where Defender will be installed.

  1. Verify that the host machine where you install Defender can connect to Console.

    $ curl -sk -D - https://<CONSOLE_IP_ADDRESS|HOSTNAME>:8083/api/v1/_ping

    If curl returns an HTTP response status code of 200, you have connectivity to Console. If you customized the setup when you installed Console, you might need to specify a different port.

  2. Log into Console.

  3. Go to Manage > Defenders > Deploy.

    1. In the first drop-down menu (2), select the way Defender connects to Console.

      A list of IP addresses and hostnames is pre-populated in the drop-down list. If none of the items are valid, go to Manage > Defenders > Names, and add a new Subject Alternative Name (SAN) to Console’s certificate. After adding a SAN, your IP address or hostname will be available in the drop-down list.

      Selecting an IP address in an evaluation setup is acceptable, but using a DNS name is more resilient. If you select Console’s IP address, and Console’s IP address changes, your Defenders will no longer be able to communicate with Console.

    2. (Optional) Set a proxy (3) for the Defender to use for the communication with the Console.

    3. (Optional) Set a custom communication port (4) for the Defender to use.

    4. In the second drop-down list (5), select Host Defender - Linux or Host Defender - Windows.

    5. In the final field, copy the install command, which is generated according to the options you selected.

  4. On the host where you want to install Defender, paste the command into a shell window, and run it.

3. Install a single Host Defender (twistcli)

Use twistcli to install a single Host Defender on a Linux host.

Prerequisites:

  • Your system meets all minimum system requirements.

  • Console can be accessed over the network from the host where you want to install Defender.

  • You have sudo access to the host where Defender will be installed.

  • You’ve created a service account with the Defender Manager role. twistcli uses the service account to access Console.

  1. Verify that the host machine where you install Defender can connect to Console.

    $ curl -sk -D - https://<CONSOLE>/api/v1/_ping

    If curl returns an HTTP response status code of 200, you have connectivity to Console. If you customized the setup when you installed Console, you might need to specify a different port.

  2. SSH to the host where you want to install Defender.

  3. Download twistcli.

    $ curl -k \
      -u <USER> \
      -L \
      -o twistcli \
      https://<CONSOLE>/api/v1/util/twistcli

  4. Make the twistcli binary executable.

    $ chmod a+x ./twistcli

  5. Install Defender.

    $ sudo ./twistcli defender install standalone host-linux \
      --address https://<CONSOLE> \
      --user <USER>
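
The connectivity check in step 1 of both install procedures, written as a scripted gate that can run before the installer. This is an added example, not part of the Prisma Cloud documentation or tooling. CONSOLE_URL, CA_BUNDLE and the function names are assumptions. Because curl -k skips certificate verification, the script uses a CA bundle when one is supplied, and it reads the last status line of the header dump so that a proxy's "200 Connection established" reply is not mistaken for Console's answer.

```shell
#!/bin/sh
# Added example: scripted gate for the Console _ping check.
# CONSOLE_URL and CA_BUNDLE are assumed variable names, not Prisma Cloud settings.

# Constructed sample (not captured from a real Console): header dump seen
# through a proxy, where the proxy's CONNECT reply precedes Console's reply.
SAMPLE_PROXIED='HTTP/1.1 200 Connection established

HTTP/1.1 503 Service Unavailable
Content-Length: 0'

# Print the status code of the last response in a `curl -D -` header dump.
final_status() {
    tr -d '\r' | awk '
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 }
        END { if (code != "") print code; else exit 1 }'
}

# Return 0 only when Console itself answered the ping with 200.
# $1 = Console base URL, $2 = optional CA bundle path (falls back to -k).
console_reachable() {
    url=$1
    ca=${2:-}
    if [ -n "$ca" ]; then
        headers=$(curl -s --cacert "$ca" -o /dev/null -D - "$url/api/v1/_ping") || return 2
    else
        headers=$(curl -sk -o /dev/null -D - "$url/api/v1/_ping") || return 2
    fi
    status=$(printf '%s\n' "$headers" | final_status) || return 3
    [ "$status" = "200" ]
}

# Live check runs only when CONSOLE_URL is set, e.g. CONSOLE_URL=https://<CONSOLE>
if [ -n "${CONSOLE_URL:-}" ]; then
    if console_reachable "$CONSOLE_URL" "${CA_BUNDLE:-}"; then
        echo "Console reachable; proceed with the install command"
    else
        echo "Console ping failed (rc=$?); fix connectivity before installing" >&2
        exit 1
    fi
fi
```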

4. Verify the install

Verify that Defender is installed and connected to Console.

In Console, go to Manage > Defenders > Manage. Your new Defender should be listed in the table, and the status box should be green and checked.