Skip to main content

Update Defender Configuration

POST 

/api/v33.01/defenders/:id/features

x-prisma-cloud-target-env: {"permission":"manageDefenders"}

Updates a deployed Defender's configuration.

<HOSTNAME> is a single list item from the /api/v1/defenders/names endpoint.

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
-d '{"proxyListenerType": "tcp", "registryScanner":"<true|false>", "serverlessScanner":"<true|false>"}' \
https://<CONSOLE>/api/v<VERSION>/defenders/<HOSTNAME>/features

Request

Path Parameters

    id stringrequired

Body

    clusterMonitoring boolean

    Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).

    proxyListenerType defender.ProxyListenerType (string)

    ProxyListenerType is the proxy listener type of defenders

Responses

Defender is an update about an agent starting

Schema
    category defender.Category (string)

    Possible values: [container,host,serverless,appEmbedded,hostAgentless,containerAgentless]

    Category represents the defender target category

    certificateExpiration date-time

    Client certificate expiration time.

    cloudMetadata object

    CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)

    accountID string

    Cloud account ID.

    awsExecutionEnv string

    AWS execution environment (e.g. EC2/Fargate).

    image string

    The name of the image the cloud managed host or container is based on.

    labels object[]

    Cloud provider metadata labels.

  • Array [
  • key string

    Label key.

    sourceName string

    Source name (e.g., for a namespace, the source name can be 'twistlock').

    sourceType common.ExternalLabelSourceType (string)

    Possible values: [namespace,deployment,aws,azure,gcp,oci]

    ExternalLabelSourceType indicates the source of the labels

    timestamp date-time

    Time when the label was fetched.

    value string

    Value of the label.

  • ]
  • name string

    Resource name.

    provider common.CloudProvider (string)

    Possible values: [aws,azure,gcp,alibaba,oci,others]

    CloudProvider specifies the cloud provider name

    region string

    Resource's region.

    resourceID string

    Unique ID of the resource.

    resourceURL string

    Server-defined URL for the resource.

    type string

    Instance type.

    vmID string

    Azure unique vm ID.

    vmImageID string

    VMImageID holds the VM instance's image ID.

    cluster string

    Cluster name (fallback is internal IP).

    clusterID string

    Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.

    clusterType common.ClusterType (string)

    Possible values: [AKS,ECS,EKS,GKE,Kubernetes]

    ClusterType is the cluster type

    collections string (string)[]

    Collections to which this Defender belongs.

    compatibleVersion boolean

    Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).

    connected boolean

    Indicates whether Defender is connected (true) or not (false).

    features object

    Features is the defender features that can be updated

    clusterMonitoring boolean

    Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).

    proxyListenerType defender.ProxyListenerType (string)

    ProxyListenerType is the proxy listener type of defenders

    firewallProtection object

    ProtectionStatus describes the status of the WAAS protection

    enabled boolean

    Enabled indicates if WAAS proxy protection is enabled (true) or not (false).

    outOfBandMode waas.OutOfBandMode (string)

    Possible values: [,Observation,Protection]

    OutOfBandMode holds the app firewall out-of-band mode

    ports int (integer)[]

    Ports indicates http open ports associated with the container.

    supported boolean

    Supported indicates if WAAS protection is supported (true) or not (false).

    tlsPorts int (integer)[]

    TLSPorts indicates https open ports associated with the container.

    unprotectedProcesses object[]

    UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.

  • Array [
  • port integer

    Port is the process port.

    process string

    Process is the process name.

    tls boolean

    TLS is the port TLS indication.

  • ]
  • fqdn string

    Full domain name of the host. Used in audit alerts to identify specific hosts.

    hostname string

    Name of host where Defender is deployed.

    isARM64 boolean

    IsARM64 indicates whether the defender runs on aarch64 architecture.

    lastModified date-time

    Datetime when the Defender's connectivity status last changed.

    port integer

    Port that Defender uses to connect to Console.

    proxy object

    ProxySettings are the http proxy settings

    ca string

    Proxy's CA for Defender to trust. Required when using TLS intercept proxies.

    httpProxy string

    Proxy address.

    noProxy string

    List of addresses for which the proxy should not be used.

    password object

    Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database

    encrypted string

    Specifies an encrypted value of the secret.

    plain string

    Specifies the plain text value of the secret.

    user string

    Username to authenticate with the proxy.

    remoteLoggingSupported boolean

    Indicates if Defender logs can be retrieved remotely (true) or not (false).

    remoteMgmtSupported boolean

    Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).

    status object

    Status is the generic status state per defender or global

    appFirewall object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    container object

    ScanStatus represents the status of current scan

    completed boolean

    Indicates if scanning has successfully completed (true) or not (false).

    errors string (string)[]

    List of errors that occurred during the last scan.

    hostname string

    Name of the host where Defender runs.

    scanTime date-time

    Datetime of the last completed scan.

    scanning boolean

    Indicates whether scanning is in progress (true) or not (false).

    selective boolean

    Indicates if the scan is for a specific resource (true) or not (false).

    containerNetworkFirewall object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    features object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    filesystem object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    hostCustomCompliance object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    hostNetworkFirewall object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    image object

    ScanStatus represents the status of current scan

    completed boolean

    Indicates if scanning has successfully completed (true) or not (false).

    errors string (string)[]

    List of errors that occurred during the last scan.

    hostname string

    Name of the host where Defender runs.

    scanTime date-time

    Datetime of the last completed scan.

    scanning boolean

    Indicates whether scanning is in progress (true) or not (false).

    selective boolean

    Indicates if the scan is for a specific resource (true) or not (false).

    lastModified date-time

    Datetime the status was last modified.

    network object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    outOfBandAppFirewall object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    process object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    runc object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    runtime object

    FeatureStatus holds data about defender features

    enabled boolean

    Indicates if the feature is enabled (true) or not (false).

    err string

    Error string, if an error occurred.

    hostname string

    Name of host where Defender runs.

    tasDroplets object

    ScanStatus represents the status of current scan

    completed boolean

    Indicates if scanning has successfully completed (true) or not (false).

    errors string (string)[]

    List of errors that occurred during the last scan.

    hostname string

    Name of the host where Defender runs.

    scanTime date-time

    Datetime of the last completed scan.

    scanning boolean

    Indicates whether scanning is in progress (true) or not (false).

    selective boolean

    Indicates if the scan is for a specific resource (true) or not (false).

    upgrade object

    UpgradeStatus represents the status of current twistlock defender upgrade

    err string

    Error string, if an error occurred.

    hostname string

    Name of the host where Defender runs.

    lastModified date-time

    Datetime of the last upgrade.

    progress integer

    Upgrade progress.

    systemInfo object

    SystemInfo is the OS information of the host

    cpuCount integer

    CPU count on the host where Defender runs.

    freeDiskSpaceGB integer

    Free disk space (in GB) on the host where Defender runs.

    kernelVersion string

    Kernel version on the host where Defender runs.

    memoryGB double

    Total memory (in GB) on the host where Defender runs.

    totalDiskSpaceGB integer

    Total disk space (in GB) on the host where Defender runs.

    tasBlobstoreScanner boolean

    Indicates TAS blobstore scanning only Defender.

    tasClusterID string

    TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.

    tasFoundation string

    TASFoundation is the foundation the Defender is running on.

    type defender.Type (string)

    Possible values: [none,docker,dockerWindows,containerdWindows,swarm,daemonset,serverLinux,serverWindows,cri,fargate,appEmbedded,tas,tasWindows,serverless,ecs,podman]

    Type is the type to be given at startup

    usingOldCA boolean

    UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.

    version string

    Defender version.

    vpcObserver boolean

    VPCObserver indicates whether the defender runs in a VPC observer.

Loading...