Prisma Compute Defender is not included in the collection based on Account ID with Error log "Failed to fetch cloud metadata: fetch from IMDSv2 failed" for OCI Cloud
Created On 05/31/24 13:32 PM - Last Modified 02/20/25 18:11 PM
Symptom
- Prisma Cloud Compute Defender is not included in the collection based on Account ID
- Inspecting the Defender logs, we can see this error:
- ERRO 2024-05-15T04:58:22.732 defender.go:232 Failed to fetch cloud metadata: http://169.254.169.254/opc/v1/instance/compartmentId not found
- Because the compartment ID cannot be read from the instance metadata service, Defenders installed in OCI are listed under "Non-onboarded cloud accounts" instead of under their account.
Environment
- Prisma Cloud Compute all versions SaaS and Self-Hosted
- Prisma Cloud Compute Defender all versions
- OCI
- Defender host account ID
Cause
The Prisma Cloud Compute Defender on OCI reads instance metadata only through the v1 endpoint (http://169.254.169.254/opc/v1/...). When the instance is restricted to instance metadata service version 2 (the legacy v1 endpoint disabled), the Defender does not fall back to the v2 endpoint, which requires the "Authorization: Bearer Oracle" request header; the v1 request is answered with "not found" and the Defender cannot collect cloud metadata such as the compartment ID, so it cannot be matched to its OCI account. OCI IMDSv2 is not supported by the Defender at the moment.
Resolution
A feature request to add OCI IMDSv2 support to the Defender is open (internal ID PANWRFE-I-214).
In the meantime, as a workaround, keep the v1 metadata endpoint enabled on the OCI instances that run the Defender (do not disable the legacy IMDS endpoint) so the Defender can read the compartment ID.
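The following Python script is an added diagnostic for this article; it is not part of the article or of Prisma Cloud. Run on the OCI host where the Defender is installed, it sends the same unauthenticated v1 request that appears in the Defender log and the v2 request that OCI requires (the "Authorization: Bearer Oracle" header is OCI's documented v2 requirement), and reports whether the instance still serves v1, which is what the workaround above depends on. The fake_* functions, the placeholder OCID and the verdict strings are constructed for this example so the logic can be exercised offline.

```python
"""Probe which OCI instance metadata service (IMDS) versions an instance serves.

Added diagnostic for the article above; not Prisma Cloud code. It issues the
v1 request the Defender log shows failing (no auth header) and the v2 request
OCI requires (Authorization: Bearer Oracle), then reports which one answers.
"""
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"
# The v1 path is the one in the Defender log line; v2 needs the bearer header.
V1_PATH = "/opc/v1/instance/compartmentId"
V2_PATH = "/opc/v2/instance/compartmentId"
V2_HEADERS = {"Authorization": "Bearer Oracle"}


def http_get(path, headers=None, timeout=2):
    """GET the IMDS path; return (status, body). Errors map to a status code,
    0 meaning the endpoint could not be reached at all."""
    req = urllib.request.Request(IMDS_BASE + path, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:       # 404 when legacy v1 is disabled
        return e.code, ""
    except (urllib.error.URLError, OSError):  # not OCI, or IMDS blocked
        return 0, ""


def probe_imds(get=http_get):
    """Classify the instance's IMDS configuration.

    `get` is injectable so the logic can run without an OCI host.
    Verdict names are this example's own:
      imdsv1-enabled   the Defender can read the compartment ID
      imdsv2-only      the failure mode in this article
      imds-unreachable neither version answered
    """
    v1_status, v1_body = get(V1_PATH)
    v2_status, v2_body = get(V2_PATH, V2_HEADERS)
    if v1_status == 200:
        verdict = "imdsv1-enabled"
    elif v2_status == 200:
        verdict = "imdsv2-only"
    else:
        verdict = "imds-unreachable"
    return {
        "v1_status": v1_status,
        "v2_status": v2_status,
        "compartment_id": v1_body or v2_body or None,
        "verdict": verdict,
    }


# Constructed responders modelling the two instance states (not real OCI output).
FAKE_OCID = "ocid1.compartment.oc1..example"  # placeholder, not a real OCID


def fake_imdsv2_only(path, headers=None, timeout=2):
    """Instance with the legacy v1 endpoint disabled: v1 -> 404, v2 needs the header."""
    if path.startswith("/opc/v1/"):
        return 404, ""
    if path.startswith("/opc/v2/") and (headers or {}).get("Authorization") == "Bearer Oracle":
        return 200, FAKE_OCID
    return 401, ""


def fake_imdsv1_enabled(path, headers=None, timeout=2):
    """Instance that still serves v1 (the workaround state): both versions answer."""
    return 200, FAKE_OCID


if __name__ == "__main__":
    # On a real OCI host this hits 169.254.169.254; elsewhere it reports imds-unreachable.
    print(probe_imds())
```

A verdict of imdsv2-only on a Defender host confirms the cause described above. After re-enabling the legacy endpoint on the instance (the OCI Compute API exposes this as the instance option areLegacyImdsEndpointsDisabled, which must be false), rerunning the probe should report imdsv1-enabled, and the Defender can again read the compartment ID.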