Update Defender Configuration
POST/api/v33.00/defenders/:id/features
x-prisma-cloud-target-env: {"permission":"manageDefenders"}
Updates a deployed Defender's configuration.
<HOSTNAME>
is a single list item from the /api/v1/defenders/names
endpoint.
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X POST \
-d '{"proxyListenerType": "tcp", "registryScanner":"<true|false>", "serverlessScanner":"<true|false>"}' \
https://<CONSOLE>/api/v<VERSION>/defenders/<HOSTNAME>/features
Request
Path Parameters
- application/json
Body
Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).
ProxyListenerType is the proxy listener type of defenders
Responses
- 200
- default
Defender is an update about an agent starting
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
- Array [
- ]
Possible values: [container,host,serverless,appEmbedded,hostAgentless,containerAgentless
]
Category represents the defender target category
Client certificate expiration time.
cloudMetadata object
CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)
Cloud account ID.
AWS execution environment (e.g. EC2/Fargate).
The name of the image the cloud managed host or container is based on.
labels object[]
Cloud provider metadata labels.
Label key.
Source name (e.g., for a namespace, the source name can be 'twistlock').
Possible values: [namespace,deployment,aws,azure,gcp,oci
]
ExternalLabelSourceType indicates the source of the labels
Time when the label was fetched.
Value of the label.
Resource name.
Possible values: [aws,azure,gcp,alibaba,oci,others
]
CloudProvider specifies the cloud provider name
Resource's region.
Unique ID of the resource.
Server-defined URL for the resource.
Instance type.
Azure unique vm ID.
VMImageID holds the VM instance's image ID.
Cluster name (fallback is internal IP).
Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.
Possible values: [AKS,ECS,EKS,GKE,Kubernetes
]
ClusterType is the cluster type
Collections to which this Defender belongs.
Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).
Indicates whether Defender is connected (true) or not (false).
features object
Features is the defender features that can be updated
Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).
ProxyListenerType is the proxy listener type of defenders
firewallProtection object
ProtectionStatus describes the status of the WAAS protection
Enabled indicates if WAAS proxy protection is enabled (true) or not (false).
Possible values: [,Observation,Protection
]
OutOfBandMode holds the app firewall out-of-band mode
Ports indicates http open ports associated with the container.
Supported indicates if WAAS protection is supported (true) or not (false).
TLSPorts indicates https open ports associated with the container.
unprotectedProcesses object[]
UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.
Port is the process port.
Process is the process name.
TLS is the port TLS indication.
Full domain name of the host. Used in audit alerts to identify specific hosts.
Name of host where Defender is deployed.
IsARM64 indicates whether the defender runs on aarch64 architecture.
Datetime when the Defender's connectivity status last changed.
Port that Defender uses to connect to Console.
proxy object
ProxySettings are the http proxy settings
Proxy's CA for Defender to trust. Required when using TLS intercept proxies.
Proxy address.
List of addresses for which the proxy should not be used.
password object
Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database
Specifies an encrypted value of the secret.
Specifies the plain text value of the secret.
Username to authenticate with the proxy.
Indicates if Defender logs can be retrieved remotely (true) or not (false).
Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).
status object
Status is the generic status state per defender or global
appFirewall object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
container object
ScanStatus represents the status of current scan
Indicates if scanning has successfully completed (true) or not (false).
List of errors that occurred during the last scan.
Name of the host where Defender runs.
Datetime of the last completed scan.
Indicates whether scanning is in progress (true) or not (false).
Indicates if the scan is for a specific resource (true) or not (false).
containerNetworkFirewall object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
features object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
filesystem object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
hostCustomCompliance object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
hostNetworkFirewall object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
image object
ScanStatus represents the status of current scan
Indicates if scanning has successfully completed (true) or not (false).
List of errors that occurred during the last scan.
Name of the host where Defender runs.
Datetime of the last completed scan.
Indicates whether scanning is in progress (true) or not (false).
Indicates if the scan is for a specific resource (true) or not (false).
Datetime the status was last modified.
network object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
outOfBandAppFirewall object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
process object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
runc object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
runtime object
FeatureStatus holds data about defender features
Indicates if the feature is enabled (true) or not (false).
Error string, if an error occurred.
Name of host where Defender runs.
tasDroplets object
ScanStatus represents the status of current scan
Indicates if scanning has successfully completed (true) or not (false).
List of errors that occurred during the last scan.
Name of the host where Defender runs.
Datetime of the last completed scan.
Indicates whether scanning is in progress (true) or not (false).
Indicates if the scan is for a specific resource (true) or not (false).
upgrade object
UpgradeStatus represents the status of current twistlock defender upgrade
Error string, if an error occurred.
Name of the host where Defender runs.
Datetime of the last upgrade.
Upgrade progress.
systemInfo object
SystemInfo is the OS information of the host
CPU count on the host where Defender runs.
Free disk space (in GB) on the host where Defender runs.
Kernel version on the host where Defender runs.
Total memory (in GB) on the host where Defender runs.
Total disk space (in GB) on the host where Defender runs.
Indicates TAS blobstore scanning only Defender.
TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.
TASFoundation is the foundation the Defender is running on.
Possible values: [none,docker,dockerWindows,containerdWindows,swarm,daemonset,serverLinux,serverWindows,cri,fargate,appEmbedded,tas,tasWindows,serverless,ecs
]
Type is the type to be given at startup
UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.
Defender version.
VPCObserver indicates whether the defender runs in a VPC observer.
{
"category": [
"container",
"host",
"serverless",
"appEmbedded",
"hostAgentless",
"containerAgentless"
],
"certificateExpiration": "2024-07-29T15:51:28.071Z",
"cloudMetadata": {
"accountID": "string",
"awsExecutionEnv": "string",
"image": "string",
"labels": [
{
"key": "string",
"sourceName": "string",
"sourceType": [
"namespace",
"deployment",
"aws",
"azure",
"gcp",
"oci"
],
"timestamp": "2024-07-29T15:51:28.071Z",
"value": "string"
}
],
"name": "string",
"provider": [
"aws",
"azure",
"gcp",
"alibaba",
"oci",
"others"
],
"region": "string",
"resourceID": "string",
"resourceURL": "string",
"type": "string",
"vmID": "string",
"vmImageID": "string"
},
"cluster": "string",
"clusterID": "string",
"clusterType": [
"AKS",
"ECS",
"EKS",
"GKE",
"Kubernetes"
],
"collections": [
"string"
],
"compatibleVersion": true,
"connected": true,
"features": {
"clusterMonitoring": true,
"proxyListenerType": "string"
},
"firewallProtection": {
"enabled": true,
"outOfBandMode": [
"",
"Observation",
"Protection"
],
"ports": [
0
],
"supported": true,
"tlsPorts": [
0
],
"unprotectedProcesses": [
{
"port": 0,
"process": "string",
"tls": true
}
]
},
"fqdn": "string",
"hostname": "string",
"isARM64": true,
"lastModified": "2024-07-29T15:51:28.071Z",
"port": 0,
"proxy": {
"ca": "string",
"httpProxy": "string",
"noProxy": "string",
"password": {
"encrypted": "string",
"plain": "string"
},
"user": "string"
},
"remoteLoggingSupported": true,
"remoteMgmtSupported": true,
"status": {
"appFirewall": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"container": {
"completed": true,
"errors": [
"string"
],
"hostname": "string",
"scanTime": "2024-07-29T15:51:28.071Z",
"scanning": true,
"selective": true
},
"containerNetworkFirewall": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"features": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"filesystem": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"hostCustomCompliance": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"hostNetworkFirewall": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"image": {
"completed": true,
"errors": [
"string"
],
"hostname": "string",
"scanTime": "2024-07-29T15:51:28.071Z",
"scanning": true,
"selective": true
},
"lastModified": "2024-07-29T15:51:28.071Z",
"network": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"outOfBandAppFirewall": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"process": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"runc": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"runtime": {
"enabled": true,
"err": "string",
"hostname": "string"
},
"tasDroplets": {
"completed": true,
"errors": [
"string"
],
"hostname": "string",
"scanTime": "2024-07-29T15:51:28.071Z",
"scanning": true,
"selective": true
},
"upgrade": {
"err": "string",
"hostname": "string",
"lastModified": "2024-07-29T15:51:28.071Z",
"progress": 0
}
},
"systemInfo": {
"cpuCount": 0,
"freeDiskSpaceGB": 0,
"kernelVersion": "string",
"memoryGB": 0,
"totalDiskSpaceGB": 0
},
"tasBlobstoreScanner": true,
"tasClusterID": "string",
"tasFoundation": "string",
"type": [
"none",
"docker",
"dockerWindows",
"containerdWindows",
"swarm",
"daemonset",
"serverLinux",
"serverWindows",
"cri",
"fargate",
"appEmbedded",
"tas",
"tasWindows",
"serverless",
"ecs"
],
"usingOldCA": true,
"version": "string",
"vpcObserver": true
}