topic Re: Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service in Prisma Cloud Discussions https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574862#M1160 <P>Hi,</P> <P>&nbsp;</P> <P>You have referred docs from compute edition. I understand compute edition is self-managed where you run prisma-cloud console as a docker container within your cluster. We are planning to use Prisma-cloud enterprise edition where we will be using prisma-cloud console provided by the enterprise edition and deploy defender in AKS to send details to prisma-cloud in SAAS. So my question is after I deploy defender in my AKS cluster as daemonset, it automatically communicates to SAAS prisma-cloud console right? I don't need any additional configuration either in AKS or in Prisma-cloud console right? Also our AKS is a private cluster. So how to make the daemonset communicate to prisma-cloud console. Is it via HTTP Proxy?</P> Tue, 30 Jan 2024 05:22:40 GMT clakshmikanthan 2024-01-30T05:22:40Z Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574398#M1151 <P>Looking for Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service</P> Thu, 25 Jan 2024 06:49:08 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574398#M1151 clakshmikanthan 2024-01-25T06:49:08Z Re: Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574492#M1152 <P>HI&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133155959">@clakshmikanthan</a>&nbsp;</P> <P>Here is the Doc To Configure Azure Container Registry -&nbsp;<A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-acr" target="_self">https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-acr</A></P> <P>&nbsp;</P> <P>Additional Docs to Configure Prisma Cloud on AKS Cluster&nbsp;<A href="https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks" target="_self">https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks</A></P> <P>&nbsp;</P> <P><A href="https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator" target="_self">https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator</A></P> <P>&nbsp;</P> <P>Please let us know if you need additional help.</P> Thu, 25 Jan 2024 16:58:00 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574492#M1152 SNimmagadda 2024-01-25T16:58:00Z Re: Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574683#M1154 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/278088">@SNimmagadda</a>&nbsp;wrote:<BR /> <P>HI&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133155959">@clakshmikanthan</a>&nbsp;</P> <P>Here is the Doc To Configure Azure Container Registry -&nbsp;<A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-acr" target="_self">https://docs.prismacloud.io/en/classic/compute-admin-guide/vulnerability-management/registry-scanning/scan-acr</A></P> <P>&nbsp;</P> <P>Additional Docs to Configure Prisma Cloud on AKS Cluster&nbsp;<A href="https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks" target="_self">https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-console/console-on-aks</A></P> <P>&nbsp;</P> <P><A href="https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator" target="_self">https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/orchestrator/orchestrator</A></P> <P>&nbsp;</P> <P>Please let us know if you need additional help.</P> <HR /></BLOCKQUOTE> <P><BR />Thank You Very much. Appreciate your support. <BR />I have a question. I understand by integrating Prisma Cloud with Azure Container Registry, Vulnerability scanning of container images uploaded to ACR will automatically happen and the report will be generated.&nbsp;<BR />What about the prisma cloud defenders in AKS. Will it also scan any image deployed in AKS automatically? Once the Daemon set is installed in AKS what additional steps we have to do ? what benefit will it give?<BR />2. Is there a best practice guidelines on using and configuring Prisma wrt AKS and Azure container registry.&nbsp;</P> Mon, 29 Jan 2024 05:59:10 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574683#M1154 clakshmikanthan 2024-01-29T05:59:10Z Re: Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574756#M1155 <P>HI&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133155959">@clakshmikanthan</a>&nbsp; Thanks for reaching out.</P> <P>&nbsp;</P> <P class="p1"><SPAN>After deploying a Defender to a Cluster, it can immediately protect and monitor your containers and host. No additional steps are required to rebuild your containers with an agent inside.</SPAN></P> <P class="p1">&nbsp;</P> <P class="p1"><SPAN>Here is The Defender Architecture&nbsp;to refer&nbsp;<A href="https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/defender-architecture" target="_self">https://docs.prismacloud.io/en/compute-edition/32/admin-guide/technology-overviews/defender-architecture</A></SPAN></P> <P class="p1">Please refer to the below Doc on how the Defender works after it is installed.</P> <P class="p1"><SPAN><A href="https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/defender-types" target="_blank">https://docs.prismacloud.io/en/compute-edition/32/admin-guide/install/deploy-defender/defender-types</A></SPAN></P> <P class="p1">&nbsp;</P> <P class="p1"><SPAN>Please let us know if this helps.</SPAN></P> Mon, 29 Jan 2024 15:59:43 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574756#M1155 SNimmagadda 2024-01-29T15:59:43Z Re: Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574862#M1160 <P>Hi,</P> <P>&nbsp;</P> <P>You have referred docs from compute edition. I understand compute edition is self-managed where you run prisma-cloud console as a docker container within your cluster. We are planning to use Prisma-cloud enterprise edition where we will be using prisma-cloud console provided by the enterprise edition and deploy defender in AKS to send details to prisma-cloud in SAAS. So my question is after I deploy defender in my AKS cluster as daemonset, it automatically communicates to SAAS prisma-cloud console right? I don't need any additional configuration either in AKS or in Prisma-cloud console right? Also our AKS is a private cluster. So how to make the daemonset communicate to prisma-cloud console. Is it via HTTP Proxy?</P> Tue, 30 Jan 2024 05:22:40 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574862#M1160 clakshmikanthan 2024-01-30T05:22:40Z Re: Instructions and Best Practices guide for setting up Prisma cloud for Azure Container Registry and Azure Kubernetes Service https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574946#M1167 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133155959">@clakshmikanthan</a>&nbsp;</P> <P>&nbsp;</P> <P class="p1">If you have Created below Prerequisites for Console-defender Communication.<SPAN class="Apple-converted-space">&nbsp; </SPAN>deploying the defender in AKS Cluster<SPAN class="Apple-converted-space">&nbsp; </SPAN>will communicate to Console.</P> <P class="p3"><A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/nat-gateway-ip-addresses" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/welcome/nat-gateway-ip-addresses</A></P> <P class="p3"><A href="https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console" target="_blank">https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console</A></P> <P class="p3">Prisma® Cloud uses NAT gateway IP addresses. To ensure that you can access Prisma Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, or your agentless deployment or <STRONG>the Prisma Cloud Defenders to communicate with the Prisma Cloud Compute Console,</STRONG> review the list and update the IP addresses in your allow lists</P> <P class="p3"><A href="https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console#idcb6d3cd4-d1bf-450a-b0ec-41c23a4d4280" target="_self">https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/enable-access-prisma-cloud-console#idcb6d3cd4-d1bf-450a-b0ec-41c23a4d4280</A></P> <P class="p2">&nbsp;</P> <P class="p3">In Prisma Cloud Enterprise Edition (SaaS platform for Compute), the Defender websocket connects to Console on port 443 (not configurable).</P> <P class="p3">If egress connections through Proxy Require authentication. Here is the doc to configure<SPAN class="Apple-converted-space">&nbsp; </SPAN>web proxy in HTTP Proxy</P> <P class="p3"><A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/proxy" target="_self">https://docs.prismacloud.io/en/classic/compute-admin-guide/configure/proxy</A></P> <P>&nbsp;</P> <P>Please let me know if this helps.</P> Tue, 30 Jan 2024 15:52:36 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/instructions-and-best-practices-guide-for-setting-up-prisma/m-p/574946#M1167 SNimmagadda 2024-01-30T15:52:36Z