12-23-2022 09:24 AM
We are considering agentless scanning with Prisma Cloud Compute.
Temporary scanning instances are spun up to perform the scans, whether the agentless scanning is configured to scan hosts in the same cloud account or from a dedicated hub cloud account.
Can anyone share insight/experience regarding the additional runtime costs (in relative terms) incurred by these scanning instances, especially on AWS?
We are trying to get rough idea if extra charges for scanning instances would be significant if we enable this feature.
12-27-2022 01:55 PM - edited 12-27-2022 01:58 PM
Hi JSchneider1,
Licensing wise, the agentless cost is the same way as agent-based as each module depending on the resource protected.
Example: A linux host (non Docker) is 1 credit. A host with containers will be 7 credits
Overhead cost wise: If you're referring to overhead cloud resource charges, the agentless scanner instance is spun up within your cloud environment to perform the scanning and then torn down. That can incur some extremely minimal resource charges.
When ‘auto-scale scanners' is enabled, an additional scanner is spun up for every ‘n’ running instances in the region (Ohio, etc) in the cloud account, up to 40 scanners (where ‘n’ is the number of snapshots that provider supports to be attached per instance)
The limit is placed so we don't spin up too many instances charging customers.
Customers can choose to have more by manually adding the number of scanners.
Note: Although auto-scaling scan your workload much faster, it can also increase your associated overhead charges. So keep that in mind if enabling auto-scaling
For more details: https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-06/prisma-cloud-compute-edition-admin/vulne...
12-27-2022 01:55 PM - edited 12-27-2022 01:58 PM
Hi JSchneider1,
Licensing wise, the agentless cost is the same way as agent-based as each module depending on the resource protected.
Example: A linux host (non Docker) is 1 credit. A host with containers will be 7 credits
Overhead cost wise: If you're referring to overhead cloud resource charges, the agentless scanner instance is spun up within your cloud environment to perform the scanning and then torn down. That can incur some extremely minimal resource charges.
When ‘auto-scale scanners' is enabled, an additional scanner is spun up for every ‘n’ running instances in the region (Ohio, etc) in the cloud account, up to 40 scanners (where ‘n’ is the number of snapshots that provider supports to be attached per instance)
The limit is placed so we don't spin up too many instances charging customers.
Customers can choose to have more by manually adding the number of scanners.
Note: Although auto-scaling scan your workload much faster, it can also increase your associated overhead charges. So keep that in mind if enabling auto-scaling
For more details: https://docs.paloaltonetworks.com/prisma/prisma-cloud/22-06/prisma-cloud-compute-edition-admin/vulne...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
