--- title: Prisma Cloud Compute Edition description: Twistlock is a container security scanner breadcrumbs: Docs > Integrations > Prisma Cloud Compute Edition --- # Prisma Cloud Compute Edition Supported OS Integration version6.3.0 ## Overview{% #overview %} [Prisma Cloud Compute Edition](https://www.paloaltonetworks.com/prisma/cloud) is a security scanner. It scans containers, hosts, and packages to find vulnerabilities and compliance issues. **Minimum Agent version:** 6.11.0 ## Setup{% #setup %} ### Installation{% #installation %} The Prisma Cloud Compute Edition check is included in the [Datadog Agent](https://app.datadoghq.com/account/settings/agent/latest) package, so you do not need to install anything else on your server. ### Configuration{% #configuration %} {% tab title="Host" %} #### Host{% #host %} To configure this check for an Agent running on a host: ##### Metric collection{% #metric-collection %} 1. Edit the `twistlock.d/conf.yaml` file, in the `conf.d/` folder at the root of your Agent's configuration directory to start collecting your twistlock performance data. See the [sample twistlock.d/conf.yaml](https://github.com/DataDog/integrations-core/blob/master/twistlock/datadog_checks/twistlock/data/conf.yaml.example) for all available configuration options. 1. [Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent). {% /tab %} {% tab title="Containerized" %} #### Containerized{% #containerized %} For containerized environments, see the [Autodiscovery Integration Templates](https://docs.datadoghq.com/agent/kubernetes/integrations/) for guidance on applying the parameters below. ##### Metric collection{% #metric-collection %} | Parameter | Value | | -------------------- | ----------------------------------------------------------------------------------- | | `` | `twistlock` | | `` | blank or `{}` | | `` | `{"url":"http://%%host%%:8083", "username":"", "password": ""}` | ###### Kubernetes{% #kubernetes %} If you're using Kubernetes, add the config to replication controller section of twistlock_console.yaml before deploying: ```yaml apiVersion: v1 kind: ReplicationController metadata: name: twistlock-console namespace: twistlock spec: replicas: 1 selector: name: twistlock-console template: metadata: annotations: ad.datadoghq.com/twistlock-console.check_names: '["twistlock"]' ad.datadoghq.com/twistlock-console.init_configs: "[{}]" ad.datadoghq.com/twistlock-console.instances: '[{"url":"http://%%host%%:8083", "username":"", "password": ""}]' ad.datadoghq.com/twistlock-console.logs: '[{"source": "twistlock", "service": "twistlock"}]' name: twistlock-console namespace: twistlock labels: name: twistlock-console ``` ##### Log collection{% #log-collection %} {% callout %} # Important note for users on the following Datadog sites: us3.datadoghq.com **Log collection is not supported for the Datadog site**. {% /callout %} *Available for Agent versions >6.0* Collecting logs is disabled by default in the Datadog Agent. To enable it, see [Kubernetes Log Collection](https://docs.datadoghq.com/agent/kubernetes/log/?tab=containerinstallation#setup). | Parameter | Value | | -------------- | ------------------------------------------------- | | `` | `{"source": "twistlock", "service": "twistlock"}` | ###### Kubernetes{% #kubernetes-1 %} 1. Collecting logs is disabled by default in the Datadog Agent. Enable it in your [DaemonSet configuration](https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/#log-collection): ```yaml #(...) env: #(...) - name: DD_LOGS_ENABLED value: "true" - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL value: "true" #(...) ``` 1. Mount the Docker socket to the Datadog Agent. See the Datadog Kubernetes [example manifests](https://docs.datadoghq.com/agent/kubernetes/?tab=daemonset). 1. Make sure the log section is included in the Pod annotation for the defender, where the container name can be found just below in the pod spec: ```yaml ad.datadoghq.com/.logs: '[{"source": "twistlock", "service": "twistlock"}]' ``` 1. [Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent). ###### Docker{% #docker %} 1. Collecting logs is disabled by default in the Datadog Agent. Enable it with the environment variable: ```shell DD_LOGS_ENABLED=true ``` 1. Add a label on the defender container: ```yaml ad.datadoghq.com/.logs: '[{"source": "twistlock", "service": "twistlock"}]' ``` 1. Mount the Docker socket to the Datadog Agent. More information about the required configuration to collect logs with the Datadog Agent available in [Docker Log Collection](https://docs.datadoghq.com/agent/docker/log/?tab=containerinstallation). 1. [Restart the Agent](https://docs.datadoghq.com/agent/guide/agent-commands/#start-stop-and-restart-the-agent). {% /tab %} ### Validation{% #validation %} Run the [Agent's status subcommand](https://docs.datadoghq.com/agent/guide/agent-commands/#agent-status-and-information) and look for `twistlock` under the Checks section. ## Data Collected{% #data-collected %} ### Metrics{% #metrics %} | | | | | **twistlock.containers.compliance.count**(gauge) | The number of compliance violations a container has*Shown as occurrence* | | **twistlock.hosts.compliance.count**(gauge) | The number of compliance violations a host has*Shown as occurrence* | | **twistlock.hosts.cve.count**(gauge) | The number of CVEs a host has*Shown as occurrence* | | **twistlock.hosts.cve.details**(gauge) | The details of a CVE on a host*Shown as occurrence* | | **twistlock.images.compliance.count**(gauge) | The number of compliance violations an image has*Shown as occurrence* | | **twistlock.images.cve.count**(gauge) | The number of CVEs an image has*Shown as occurrence* | | **twistlock.images.cve.details**(gauge) | The details of a CVE on an image*Shown as occurrence* | | **twistlock.images.layer\_count**(gauge) | The count of layers in a local image*Shown as occurrence* | | **twistlock.images.size**(gauge) | The size of a local image*Shown as byte* | | **twistlock.registry.compliance.count**(gauge) | The number of compliance violations an image in a registry has*Shown as occurrence* | | **twistlock.registry.cve.count**(gauge) | The number of CVEs an image in a registry has*Shown as occurrence* | | **twistlock.registry.cve.details**(gauge) | The details of a CVE on an image in a registry*Shown as occurrence* | | **twistlock.registry.layer\_count**(gauge) | The count of layers in an image in a registry*Shown as occurrence* | | **twistlock.registry.size**(gauge) | The size of an image in a registry*Shown as byte* | ### Events{% #events %} Prisma Cloud Compute Edition sends an event when a new CVE is found. ### Service Checks{% #service-checks %} **twistlock.license\_ok** Returns Critical if the Agent cannot retrieve the Licence data or its expiring, OK otherwise. *Statuses: ok, warning, critical* **twistlock.registry** Returns Critical if the Agent cannot retrieve registry data, OK otherwise. *Statuses: ok, critical* **twistlock.can\_connect** Returns Critical if the Agent cannot retrieve image data from the registry, OK otherwise. *Statuses: ok, critical* **twistlock.images** Returns Critical if the image hasn't been scanned in critical_days, OK otherwise. *Statuses: ok, warning, critical* **twistlock.hosts** Returns Critical if the host hasn't been scanned in critical_days, OK otherwise. *Statuses: ok, warning, critical* **twistlock.containers** Returns Critical if the container hasn't been scanned in critical_days, OK otherwise. *Statuses: ok, warning, critical* ## Troubleshooting{% #troubleshooting %} Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).