forked from pivotal-cf/docs-twistlock
using.html.md.erb
---
title: Using Prisma Cloud for VMware Tanzu
owner: Partners
---
Configure Prisma Cloud to secure your environment.
## <a id='visibility'></a> Review your Environment
After deploying Defenders to VMware Tanzu TAS, Prisma Cloud Defenders automatically gather security information about your environment.
Go to **Radar > Containers** to see your running apps.
By default, nodes on the Radar canvas are color-coded by the highest severity vulnerability detected in the container.
Click on a node to inspect the security data collected for the containerized app, including vulnerability, compliance, and runtime issues.
<%= image_tag("tanzu_radar.png", :width => "600") %>
Defender also automatically scans each Diego cell host for vulnerability and compliance issues.
Go to **Monitor > Vulnerabilities > Hosts** and **Monitor > Compliance > Hosts** to review the information.
## <a id='scanning'></a> Scan Blobstores
To configure Prisma Cloud to scan a blobstore, do the following:
1. Log in to Prisma Cloud Compute Console.
1. Go to **Defend > Vulnerabilities > VMware Tanzu Blobstore**.
1. Click **Add VMware Tanzu Blobstore settings**.
1. Specify the cloud controller.
1. Specify the droplets to scan.
   To scan all droplets, enter a wildcard (*).
1. Specify the maximum number of droplets to scan.
   To scan all droplets, enter 0.
1. Click **Add**.
<%= image_tag("configure_blobstore_scanning.png", :width => "600") %>
1. Click **Save**.
## <a id='scanning_images'></a> Scan Registries
You can also configure your deployed Defenders to scan your container registries.
Use the standard setup procedure documented [here](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/registry_scanning0/scan_docker_registry_v2.html).
## <a id='reviewing'></a> Review Scan Reports
To review scan reports for VMware Tanzu blobstore droplets, do the following:
1. Log in to Prisma Cloud Compute Console.
1. Go to **Monitor > Vulnerabilities > VMware PCF Blobstore** to see a list of summary reports for each droplet.
<%= image_tag("blobstore_scan_reports.png", :width => "600") %>
1. To drill into a specific scan report, click on a row in the table.
## <a id='runtime'></a> Runtime Protection
Prisma Cloud Defender uses machine learning to automatically model how apps were designed to run.
To review the automatically generated models, go to **Monitor > Runtime > Container Models**.
<%= image_tag("tanzu_container_models.png", :width => "600") %>
When an app does something that's not modelled, Prisma Cloud generates an audit.
There are many ways you can ingest audits into your monitoring system, including syslog.
To review runtime alerts, go to **Monitor > Events**.
<%= image_tag("tanzu_runtime_audits.png", :width => "600") %>
Sometimes, you might want to take more stringent blocking action rather than simply alerting when Defender detects specific known-bad activity.
Other times, the automatically generated models don't fully capture what's considered known-good behavior.
In both cases, you can augment the Prisma Cloud models with runtime rules.
To create runtime rules, go to **Defend > Runtime > Container Policy**, and click **Add Rule**.
<%= image_tag("tanzu_runtime_rule.png", :width => "600") %>
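As an added example, not code from the Prisma Cloud docs or product: a small Python triage of Defender runtime audits once they have been forwarded to a syslog collector, which surfaces audits that repeat for one app as candidates for a runtime rule. The key="value" line layout and the field names (time, app, severity, effect, msg) are assumed for illustration and are not Prisma Cloud's documented syslog schema; the sample lines are constructed.

```python
"""Triage runtime audits forwarded from Defender to a syslog collector.

Added example, not code from the Prisma Cloud docs. The key="value" layout
and field names below are an assumption for illustration, not Prisma Cloud's
documented syslog schema.
"""
import re
from collections import Counter, defaultdict

KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Constructed sample audit lines (not real Defender output).
SAMPLE_AUDITS = [
    'time="2024-05-01T10:00:00Z" app="billing-api" severity="medium" effect="alert" msg="Unexpected process: /bin/sh"',
    'time="2024-05-01T10:00:05Z" app="billing-api" severity="medium" effect="alert" msg="Unexpected process: /bin/sh"',
    'time="2024-05-01T10:00:09Z" app="billing-api" severity="medium" effect="alert" msg="Unexpected process: /bin/sh"',
    'time="2024-05-01T10:01:00Z" app="web-frontend" severity="high" effect="block" msg="Outbound connection to 203.0.113.7:8443"',
    'time="2024-05-01T10:02:00Z" app="web-frontend" severity="low" effect="alert" msg="Unexpected process: /usr/bin/curl"',
]

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def parse_audit(line):
    """Turn one key="value" line into a dict, unescaping \\" inside values."""
    return {k: v.replace('\\"', '"') for k, v in KV_RE.findall(line)}


def triage(lines, repeat_threshold=3):
    """Group audits per app: total count, how many Defender blocked, the highest
    severity seen, and messages repeated at least repeat_threshold times.
    A repeated message is either benign behaviour the model missed (add an
    allow rule) or a persistent attempt (add a block rule); either way it is
    a candidate for a runtime rule."""
    per_app = defaultdict(lambda: {"count": 0, "blocked": 0, "highest": "low", "msgs": Counter()})
    for line in lines:
        audit = parse_audit(line)
        entry = per_app[audit.get("app", "unknown")]
        entry["count"] += 1
        if audit.get("effect") == "block":
            entry["blocked"] += 1
        sev = audit.get("severity", "low")
        if SEVERITY_ORDER.get(sev, 0) > SEVERITY_ORDER[entry["highest"]]:
            entry["highest"] = sev
        entry["msgs"][audit.get("msg", "")] += 1
    return {
        app: {"count": e["count"], "blocked": e["blocked"], "highest": e["highest"],
              "repeated": [m for m, n in e["msgs"].items() if n >= repeat_threshold]}
        for app, e in per_app.items()
    }


if __name__ == "__main__":
    for app, info in triage(SAMPLE_AUDITS).items():
        print(app, info)
```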
## <a id='info'></a> More Information
To learn how to set up scanning, configure policies, and send alerts, see the [Prisma Cloud documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud.html).