
Problems with automated setup of Defender on Linux hosts

Open iansk opened this issue 4 years ago • 0 comments

Report from customer:

During the tests for the automated setup of the Twistlock/Prisma Cloud Compute agent on Linux hosts, I stumbled over other legacy commands in the official guides:

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/api/automate_defender_install.html

"curl -k https://<COMPUTE_CONSOLE>:8083/api/v1/_ping"

Port 8083 is never working when using the path to our console (https://europe-west3.cloud.twistlock.com/eu-2-143539134). Omitting ":8083" solves the problem.

"curl -H "Content-Type: application/json"
-d '{"username":"<USERNAME>", "password":"<PASSWORD>"}'
https://<COMPUTE_CONSOLE>:8083/api/v1/authenticate"

Again: when omitting ":8083" we get an access token.

In "Step 4 >> Download and run the Defender install script." and further down under "Install a stand-alone Defender (no Docker) – Step 2 >> Download and run the Defender install script with the --install-host option." I found many errors:

```
curl \
  -H "authorization: Bearer <TOKEN> \
  https://<COMPUTE_CONSOLE>:8083/api/v1/scripts/defender.sh \
  -o defender.sh && \
  chmod a+x defender.sh && \
  sudo ./defender.sh -c "<CONSOLE>" -d "none" [--install-host]
```

1. Missing " after <TOKEN>
2. Again :8083
3. The scripts are not working at all. All I get is "404 – Page not found" in the defender.sh file.

So, I went and altered the curl command I can copy from "Compute -> Manage -> Defenders -> Deploy -> Host Defender – Linux":

"curl -sSL -k --header "authorization: Bearer <TOKEN>" -X POST https://europe-west3.cloud.twistlock.com/eu-2-143539134/api/v1/scripts/defender.sh | sudo bash -s -- -c "europe-west3.cloud.twistlock.com" -d "none" --install-host"

When entering the Token I got from the Authenticate API command, I was able to install the agent.

iansk, Nov 11 '20 02:11
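
The failure reported above, a "404" error page saved as defender.sh where the install script was expected, can be caught before anything is run with sudo. The script below is an added example, not part of the original report or the Prisma Cloud documentation; it assumes `CONSOLE_URL` (the full console path) and `TOKEN` are exported by the caller, and its function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the Prisma Cloud docs). CONSOLE_URL and TOKEN are
# assumed to be exported by the caller; the API path and the defender.sh
# arguments are the ones quoted in the issue.

# Host part of the console URL, for defender.sh's -c argument.
console_host() {
  h="${1#https://}"
  printf '%s\n' "${h%%/*}"
}

# Succeed only if the file is a non-empty shell script that parses.
# A saved 404 error page fails the shebang check.
looks_like_installer() {
  f="$1"
  [ -s "$f" ] || return 1
  case "$(head -n 1 "$f")" in
    '#!'*sh*) ;;
    *) return 1 ;;
  esac
  bash -n "$f" 2>/dev/null
}

# Download to a file, check the HTTP status, then check the content.
# -k is left out so the console's TLS certificate is verified.
fetch_installer() {
  out="$1"
  code=$(curl -sSL -X POST -o "$out" -w '%{http_code}' \
    -H "authorization: Bearer ${TOKEN}" \
    "${CONSOLE_URL}/api/v1/scripts/defender.sh") || return 1
  [ "$code" = "200" ] || { echo "console returned HTTP $code" >&2; return 1; }
  looks_like_installer "$out" || { echo "$out is not a shell script" >&2; return 1; }
}

# Runs only when both variables are set, so sourcing the file is harmless.
if [ -n "${CONSOLE_URL:-}" ] && [ -n "${TOKEN:-}" ]; then
  fetch_installer ./defender.sh || exit 1
  chmod a+x ./defender.sh
  sudo ./defender.sh -c "$(console_host "$CONSOLE_URL")" -d "none" --install-host
fi
```

Downloading to a file first, instead of piping curl into `sudo bash`, is what makes the status and content checks possible.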