09-18-2025 10:07 PM
I understood that Prisma Cloud Defender does not directly attempt to connect to ports or perform scans,
but it seems to have executed the curl -X OPTIONS http://localhost:8355 command on the tomcat shutdown port.
Since such a command was executed, there are daily logs of it being blocked by the tomcat shutdown port.
Please tell me the reason why Prisma Cloud Defender performs such a command: curl -X OPTIONS http://localhost:8355
09-19-2025 12:51 PM
Hello!
11-07-2025 10:06 PM
I too observed this in my EKS setup where prisma defender is running as container , where these calls and logs are through out .
Upon checking with security team some upgrades were performed, but none seem to have stopped it.
I was thinking of blocking this via network or network policies ,rather than blocking at the application or mesh level.
in my observation there is scan utility with in who is performing this .
Any one attempted ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
