Skip to main content

Get Certificate Bundle for Defender



x-prisma-cloud-target-env: {"permission":"manageDefenders","saas":true,"self-hosted":true}
x-public: true

Returns the certificate bundle that Defender needs to securely connect to Console.

cURL Request

Refer to the following example cURL command:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \

<CONSOLEADDR> is the hostname of the Console.


Query Parameters

    consoleaddr string

    ConsoleAddr is the remote console address.

    defenderType string

    Possible values: [none,docker,dockerWindows,containerdWindows,swarm,daemonset,serverLinux,serverWindows,cri,fargate,appEmbedded,tas,tasWindows,serverless,ecs]

    DefenderType is the type of the defender to create the install bundle for.

    interpreter string

    Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.

    cloudFormation boolean

    CloudFormation indicates if the given fargate task definition is in Cloud Formation format.

    filesystemMonitoring boolean

    FilesystemMonitoring is the filesystem monitoring flag.

    extractEntrypoint boolean

    ExtractEntrypoint indicates if entrypoint will be extracted automatically.

    registryType string

    RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).

    registryCredentialID string

    RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.

    defenderImage string

    DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.

    defenderImagePullSecret string

    DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.


DefenderInstallBundle represents the install bundle for the defender

    installBundle string

    InstallBundle is the base64 bundle of certificates used to communicate with the console.

    wsAddress string

    WSAddress is the websocket address (console ) the TAS defender connects to.