Update Defender Configuration

POST 
/api/v33.03/defenders/:id/features

x-prisma-cloud-target-env: {"permission":"manageDefenders"}

Updates a deployed Defender's configuration.

<HOSTNAME> is a single list item from the /api/v1/defenders/names endpoint.

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X POST \
  -d '{"proxyListenerType": "tcp", "registryScanner":"<true|false>", "serverlessScanner":"<true|false>"}' \
  https://<CONSOLE>/api/v<VERSION>/defenders/<HOSTNAME>/features

Request

Path Parameters

id stringrequired

application/json

Body

clusterMonitoringboolean

Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).

proxyListenerTypedefender.ProxyListenerType (string)

ProxyListenerType is the proxy listener type of defenders

Responses

200

Defender is an update about an agent starting

application/json

Schema

Schema

categorydefender.Category (string)

Category represents the defender target category

Possible values: [container,host,serverless,appEmbedded,hostAgentless,containerAgentless,cloudSecurityAgent]

certificateExpirationdate-time

Client certificate expiration time.

cloudMetadata object

CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)

accountIDstring

Cloud account ID.

awsExecutionEnvstring

AWS execution environment (e.g. EC2/Fargate).

imagestring

The name of the image the cloud managed host or container is based on.

labels object[]

Cloud provider metadata labels.

Array [

keystring

Label key.

sourceNamestring

Source name (e.g., for a namespace, the source name can be 'twistlock').

sourceTypecommon.ExternalLabelSourceType (string)

ExternalLabelSourceType indicates the source of the labels

Possible values: [namespace,deployment,aws,azure,gcp,oci]

timestampdate-time

Time when the label was fetched.

valuestring

Value of the label.

]

namestring

Resource name.

providercommon.CloudProvider (string)

CloudProvider specifies the cloud provider name

Possible values: [aws,azure,gcp,alibaba,oci,others]

regionstring

Resource's region.

resourceIDstring

Unique ID of the resource.

resourceURLstring

Server-defined URL for the resource.

typestring

Instance type.

vmIDstring

Azure unique vm ID.

vmImageIDstring

VMImageID holds the VM instance's image ID.

clusterstring

Cluster name (fallback is internal IP).

clusterIDstring

Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.

clusterTypecommon.ClusterType (string)

ClusterType is the cluster type

Possible values: [AKS,ECS,EKS,GKE,Kubernetes]

collectionsstring (string)[]

Collections to which this Defender belongs.

compatibleVersionboolean

Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).

connectedboolean

Indicates whether Defender is connected (true) or not (false).

features object

Features is the defender features that can be updated

clusterMonitoringboolean

Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).

proxyListenerTypedefender.ProxyListenerType (string)

ProxyListenerType is the proxy listener type of defenders

firewallProtection object

ProtectionStatus describes the status of the WAAS protection

enabledboolean

Enabled indicates if WAAS proxy protection is enabled (true) or not (false).

outOfBandModewaas.OutOfBandMode (string)

OutOfBandMode holds the app firewall out-of-band mode

Possible values: [,Observation,Protection]

portsint (integer)[]

Ports indicates http open ports associated with the container.

supportedboolean

Supported indicates if WAAS protection is supported (true) or not (false).

tlsPortsint (integer)[]

TLSPorts indicates https open ports associated with the container.

unprotectedProcesses object[]

UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.

Array [

portinteger

Port is the process port.

processstring

Process is the process name.

tlsboolean

TLS is the port TLS indication.

]

fqdnstring

Full domain name of the host. Used in audit alerts to identify specific hosts.

hostnamestring

Name of host where Defender is deployed.

isARM64boolean

IsARM64 indicates whether the defender runs on aarch64 architecture.

lastModifieddate-time

Datetime when the Defender's connectivity status last changed.

portinteger

Port that Defender uses to connect to Console.

proxy object

ProxySettings are the http proxy settings

castring

Proxy's CA for Defender to trust. Required when using TLS intercept proxies.

httpProxystring

Proxy address.

noProxystring

List of addresses for which the proxy should not be used.

password object

Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database

encryptedstring

Specifies an encrypted value of the secret.

plainstring

Specifies the plain text value of the secret.

userstring

Username to authenticate with the proxy.

remoteLoggingSupportedboolean

Indicates if Defender logs can be retrieved remotely (true) or not (false).

remoteMgmtSupportedboolean

Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).

status object

Status is the generic status state per defender or global

appFirewall object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

container object

ScanStatus represents the status of current scan

completedboolean

Indicates if scanning has successfully completed (true) or not (false).

errorsstring (string)[]

List of errors that occurred during the last scan.

hostnamestring

Name of the host where Defender runs.

scanTimedate-time

Datetime of the last completed scan.

scanningboolean

Indicates whether scanning is in progress (true) or not (false).

selectiveboolean

Indicates if the scan is for a specific resource (true) or not (false).

containerNetworkFirewall object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

features object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

filesystem object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

hostCustomCompliance object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

hostNetworkFirewall object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

image object

ScanStatus represents the status of current scan

completedboolean

Indicates if scanning has successfully completed (true) or not (false).

errorsstring (string)[]

List of errors that occurred during the last scan.

hostnamestring

Name of the host where Defender runs.

scanTimedate-time

Datetime of the last completed scan.

scanningboolean

Indicates whether scanning is in progress (true) or not (false).

selectiveboolean

Indicates if the scan is for a specific resource (true) or not (false).

lastModifieddate-time

Datetime the status was last modified.

network object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

outOfBandAppFirewall object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

process object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

runc object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

runtime object

FeatureStatus holds data about defender features

enabledboolean

Indicates if the feature is enabled (true) or not (false).

errstring

Error string, if an error occurred.

hostnamestring

Name of host where Defender runs.

tasDroplets object

ScanStatus represents the status of current scan

completedboolean

Indicates if scanning has successfully completed (true) or not (false).

errorsstring (string)[]

List of errors that occurred during the last scan.

hostnamestring

Name of the host where Defender runs.

scanTimedate-time

Datetime of the last completed scan.

scanningboolean

Indicates whether scanning is in progress (true) or not (false).

selectiveboolean

Indicates if the scan is for a specific resource (true) or not (false).

upgrade object

UpgradeStatus represents the status of current twistlock defender upgrade

errstring

Error string, if an error occurred.

hostnamestring

Name of the host where Defender runs.

lastModifieddate-time

Datetime of the last upgrade.

progressinteger

Upgrade progress.

systemInfo object

SystemInfo is the OS information of the host

cpuCountinteger

CPU count on the host where Defender runs.

freeDiskSpaceGBinteger

Free disk space (in GB) on the host where Defender runs.

kernelVersionstring

Kernel version on the host where Defender runs.

memoryGBdouble

Total memory (in GB) on the host where Defender runs.

totalDiskSpaceGBinteger

Total disk space (in GB) on the host where Defender runs.

tasBlobstoreScannerboolean

Indicates TAS blobstore scanning only Defender.

tasClusterIDstring

TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.

tasFoundationstring

TASFoundation is the foundation the Defender is running on.

typedefender.Type (string)

Type is the type to be given at startup

Possible values: [none,docker,dockerWindows,containerdWindows,swarm,daemonset,serverLinux,serverWindows,cri,fargate,appEmbedded,tas,tasWindows,serverless,ecs,podman]

usingOldCAboolean

UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.

versionstring

Defender version.

vpcObserverboolean

VPCObserver indicates whether the defender runs in a VPC observer.

Example (auto)

{
  "category": [
    "container",
    "host",
    "serverless",
    "appEmbedded",
    "hostAgentless",
    "containerAgentless",
    "cloudSecurityAgent"
  ],
  "certificateExpiration": "2024-07-29T15:51:28.071Z",
  "cloudMetadata": {
    "accountID": "string",
    "awsExecutionEnv": "string",
    "image": "string",
    "labels": [
      {
        "key": "string",
        "sourceName": "string",
        "sourceType": [
          "namespace",
          "deployment",
          "aws",
          "azure",
          "gcp",
          "oci"
        ],
        "timestamp": "2024-07-29T15:51:28.071Z",
        "value": "string"
      }
    ],
    "name": "string",
    "provider": [
      "aws",
      "azure",
      "gcp",
      "alibaba",
      "oci",
      "others"
    ],
    "region": "string",
    "resourceID": "string",
    "resourceURL": "string",
    "type": "string",
    "vmID": "string",
    "vmImageID": "string"
  },
  "cluster": "string",
  "clusterID": "string",
  "clusterType": [
    "AKS",
    "ECS",
    "EKS",
    "GKE",
    "Kubernetes"
  ],
  "collections": [
    "string"
  ],
  "compatibleVersion": true,
  "connected": true,
  "features": {
    "clusterMonitoring": true,
    "proxyListenerType": "string"
  },
  "firewallProtection": {
    "enabled": true,
    "outOfBandMode": [
      "",
      "Observation",
      "Protection"
    ],
    "ports": [
      0
    ],
    "supported": true,
    "tlsPorts": [
      0
    ],
    "unprotectedProcesses": [
      {
        "port": 0,
        "process": "string",
        "tls": true
      }
    ]
  },
  "fqdn": "string",
  "hostname": "string",
  "isARM64": true,
  "lastModified": "2024-07-29T15:51:28.071Z",
  "port": 0,
  "proxy": {
    "ca": "string",
    "httpProxy": "string",
    "noProxy": "string",
    "password": {
      "encrypted": "string",
      "plain": "string"
    },
    "user": "string"
  },
  "remoteLoggingSupported": true,
  "remoteMgmtSupported": true,
  "status": {
    "appFirewall": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "container": {
      "completed": true,
      "errors": [
        "string"
      ],
      "hostname": "string",
      "scanTime": "2024-07-29T15:51:28.071Z",
      "scanning": true,
      "selective": true
    },
    "containerNetworkFirewall": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "features": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "filesystem": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "hostCustomCompliance": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "hostNetworkFirewall": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "image": {
      "completed": true,
      "errors": [
        "string"
      ],
      "hostname": "string",
      "scanTime": "2024-07-29T15:51:28.071Z",
      "scanning": true,
      "selective": true
    },
    "lastModified": "2024-07-29T15:51:28.071Z",
    "network": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "outOfBandAppFirewall": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "process": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "runc": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "runtime": {
      "enabled": true,
      "err": "string",
      "hostname": "string"
    },
    "tasDroplets": {
      "completed": true,
      "errors": [
        "string"
      ],
      "hostname": "string",
      "scanTime": "2024-07-29T15:51:28.071Z",
      "scanning": true,
      "selective": true
    },
    "upgrade": {
      "err": "string",
      "hostname": "string",
      "lastModified": "2024-07-29T15:51:28.071Z",
      "progress": 0
    }
  },
  "systemInfo": {
    "cpuCount": 0,
    "freeDiskSpaceGB": 0,
    "kernelVersion": "string",
    "memoryGB": 0,
    "totalDiskSpaceGB": 0
  },
  "tasBlobstoreScanner": true,
  "tasClusterID": "string",
  "tasFoundation": "string",
  "type": [
    "none",
    "docker",
    "dockerWindows",
    "containerdWindows",
    "swarm",
    "daemonset",
    "serverLinux",
    "serverWindows",
    "cri",
    "fargate",
    "appEmbedded",
    "tas",
    "tasWindows",
    "serverless",
    "ecs",
    "podman"
  ],
  "usingOldCA": true,
  "version": "string",
  "vpcObserver": true
}

default

• curl
• python
• go
• nodejs
• csharp
• php

• CURL

curl -L 'https://pan.dev/api/v33.03/defenders/:id/features' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
  "clusterMonitoring": true,
  "proxyListenerType": "string"
}'

Request Collapse all

Parameters

id — pathrequired

Body

{
  "clusterMonitoring": true,
  "proxyListenerType": "string"
}