Prisma Cloud Compute Edition

Supported OS Linux Windows Mac OS

Integration version3.6.1

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Overview

Prisma Cloud Compute Edition is a security scanner. It scans containers, hosts, and packages to find vulnerabilities and compliance issues.

Setup

Installation

The Prisma Cloud Compute Edition check is included in the Datadog Agent package, so you do not need to install anything else on your server.

Configuration

Host

To configure this check for an Agent running on a host:

Metric collection

Edit the twistlock.d/conf.yaml file, in the conf.d/ folder at the root of your Agent’s configuration directory to start collecting your twistlock performance data. See the sample twistlock.d/conf.yaml for all available configuration options.
Restart the Agent.

Containerized

For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.

Metric collection

Parameter	Value
`<INTEGRATION_NAME>`	`twistlock`
`<INIT_CONFIG>`	blank or `{}`
`<INSTANCE_CONFIG>`	`{"url":"http://%%host%%:8083", "username":"<USERNAME>", "password": "<PASSWORD>"}`

Kubernetes

If you’re using Kubernetes, add the config to replication controller section of twistlock_console.yaml before deploying:

apiVersion: v1
kind: ReplicationController
metadata:
  name: twistlock-console
  namespace: twistlock
spec:
  replicas: 1
  selector:
    name: twistlock-console
  template:
    metadata:
      annotations:
        ad.datadoghq.com/twistlock-console.check_names: '["twistlock"]'
        ad.datadoghq.com/twistlock-console.init_configs: "[{}]"
        ad.datadoghq.com/twistlock-console.instances: '[{"url":"http://%%host%%:8083", "username":"<USERNAME>", "password": "<PASSWORD>"}]'
        ad.datadoghq.com/twistlock-console.logs: '[{"source": "twistlock", "service": "twistlock"}]'
      name: twistlock-console
      namespace: twistlock
      labels:
        name: twistlock-console

Log collection

Available for Agent versions >6.0

Collecting logs is disabled by default in the Datadog Agent. To enable it, see Kubernetes Log Collection.

Parameter	Value
`<LOG_CONFIG>`	`{"source": "twistlock", "service": "twistlock"}`

Kubernetes

Collecting logs is disabled by default in the Datadog Agent. Enable it in your DaemonSet configuration:

  #(...)
    env:
      #(...)
      - name: DD_LOGS_ENABLED
          value: "true"
      - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL
          value: "true"
  #(...)

Mount the Docker socket to the Datadog Agent. See the Datadog Kubernetes example manifests.
Make sure the log section is included in the Pod annotation for the defender, where the container name can be found just below in the pod spec:
```
ad.datadoghq.com/<container-name>.logs: '[{"source": "twistlock", "service": "twistlock"}]'
```
Restart the Agent.

Docker

Collecting logs is disabled by default in the Datadog Agent. Enable it with the environment variable:
```
DD_LOGS_ENABLED=true
```

Add a label on the defender container:

ad.datadoghq.com/<container-name>.logs: '[{"source": "twistlock", "service": "twistlock"}]'

Mount the Docker socket to the Datadog Agent. More information about the required configuration to collect logs with the Datadog Agent available in Docker Log Collection.
Restart the Agent.

Validation

Run the Agent’s status subcommand and look for twistlock under the Checks section.

Data Collected

Metrics

twistlock.containers.compliance.count (gauge)	The number of compliance violations a container has Shown as occurrence
twistlock.hosts.compliance.count (gauge)	The number of compliance violations a host has Shown as occurrence
twistlock.hosts.cve.count (gauge)	The number of CVEs a host has Shown as occurrence
twistlock.hosts.cve.details (gauge)	The details of a CVE on a host Shown as occurrence
twistlock.images.compliance.count (gauge)	The number of compliance violations an image has Shown as occurrence
twistlock.images.cve.count (gauge)	The number of CVEs an image has Shown as occurrence
twistlock.images.cve.details (gauge)	The details of a CVE on an image Shown as occurrence
twistlock.images.layer_count (gauge)	The count of layers in a local image Shown as occurrence
twistlock.images.size (gauge)	The size of a local image Shown as byte
twistlock.registry.compliance.count (gauge)	The number of compliance violations an image in a registry has Shown as occurrence
twistlock.registry.cve.count (gauge)	The number of CVEs an image in a registry has Shown as occurrence
twistlock.registry.cve.details (gauge)	The details of a CVE on an image in a registry Shown as occurrence
twistlock.registry.layer_count (gauge)	The count of layers in an image in a registry Shown as occurrence
twistlock.registry.size (gauge)	The size of an image in a registry Shown as byte

Events

Prisma Cloud Compute Edition sends an event when a new CVE is found.

Service Checks

twistlock.license_ok
Returns Critical if the Agent cannot retrieve the Licence data or its expiring, OK otherwise.
Statuses: ok, warning, critical

twistlock.registry
Returns Critical if the Agent cannot retrieve registry data, OK otherwise.
Statuses: ok, critical

twistlock.can_connect
Returns Critical if the Agent cannot retrieve image data from the registry, OK otherwise.
Statuses: ok, critical

twistlock.images
Returns Critical if the image hasn’t been scanned in critical_days, OK otherwise.
Statuses: ok, warning, critical

twistlock.hosts
Returns Critical if the host hasn’t been scanned in critical_days, OK otherwise.
Statuses: ok, warning, critical

twistlock.containers
Returns Critical if the container hasn’t been scanned in critical_days, OK otherwise.
Statuses: ok, warning, critical

Troubleshooting

Need help? Contact Datadog support.