How to enable custom compliance check on Host Defender

How to enable custom compliance check on Host Defender

1549
Created On 11/07/22 02:22 AM - Last Modified 05/15/24 20:18 PM


Objective


This article is to guide how to enable custom compliance check on Host Defender.

Environment


  • Prisma Cloud Compute
  • Host Defender

Procedure


As per Custom compliance checks , there are 3 + 4 steps as below:
  1. Enabling custom compliance checks for hosts
    1. Go to Manage > Defenders > Advanced Settings
    2. Set Custom Compliance Checks for hosts to enabled.
    3. Deploy Defenders to your environment. Or if already deployed, redeploy your Defenders.
  2. Creating a new custom check
    1. Open Console
    2. Write a new custom check Defend > Compliance > Custom > Add Check
    3. Update the compliance policy to run your check.
    4. Validate your setup by reviewing the compliance reports under Monitor > Compliance .
Notes:
  • When redeploying the Defenders, we must fully decommission the Defenders, and deploy it again.
    • How to decommission Defenders
    • For daemon set re-deployment, make sure the daemonset is fully removed with below commands, and then deploy it again:
kubectl delete -f <daemonset deployment filename>.yaml
  • Simply deleting the pods or restart the daemonset is not considered as redeployment.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZrDCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail