Skip to content

Twistlock💣

Overview💣

Twistlock Administration Guide

Big Bang Touch Points💣

graph LR
  subgraph "Twistlock"
    twistlockpods("Twistlock Pod(s)")
    twistlockservice{{Twistlock Console}} --> twistlockpods("TwistlockPod(s)")
  end
  subgraph "Ingress"
    ig(Ingress Gateway) --"App Port"--> twistlockservice
  end
  subgraph "Logging"
    twistlockpods("Twistlock Pod(s)") --"Logs"--> fluent(Fluentbit) --> logging-ek-es-http
    logging-ek-es-http{{Elastic Service<br />logging-ek-es-http}} --> elastic[(Elastic Storage)]
  end
  subgraph "Monitoring"
    svcmonitor("Service Monitor") --"Metrics Port"--> twistlockservice
    Prometheus --> svcmonitor("Service Monitor")
  end

UI💣

Twistlock Console serves as the user interface within Twistlock. The graphical user interface (GUI) lets you define policy, configure and control your Twistlock deployment, and view the overall health (from a security perspective) of your container environment

Logging💣

In order to enable logging this can only be done via the console UI. Logging can be enabled by clicking on the Manage dropdown and click Alerts. Under the Logging tab the option for Stdout can be set to Enabled. This allows for options for logging to stdout to be scraped by fluentbit/promtail OR log to the underlying hosts.

Install Defender💣

In Bigbang the twistlock defender is installed manual. Follow the document to install defender as a daemonset. https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/blob/main/README.md

Storage💣

Twistlock Console requires access to persistent storage \ Persistent storage values can be set/modified in the bigbang chart:

console:
  persistence:
    size: 100Gi
    accessMode: ReadWriteOnce

Database💣

N/A

Istio Configuration💣

Istio is disabled in the twistlock chart by default and can be enabled by setting the following values in the bigbang chart:

hostname: bigbang.dev
istio:
  enabled: true

NOTE: In BigBang twistlock istio.enabled : true only exposes twistlock console to VirtualService. The defender installation for twistlock in BigBang is manual. By default, all traffic between the twistlock Defender and the console is TLS encrypted.

Monitoring💣

Twistlock Prometheus metrics collection is implemented following the documentation: [Twistlock Prometheus Integration]https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/audit/prometheus.html\

Monitoring is disabled in the twistlock chart by default and can be enabled by setting the following values in the bigbang chart:

monitoring:
  enabled: true

High Availability💣

Twistlock uses orchestrators built-in high availability capabilities.

Single Sign on (SSO)💣

SSO can be configured for twistlock manually using the documentation provided. \ Twistlock SSO Integration

Licensing💣

Twistlock deployment requires license to operate. Enter your license key in the twistlock console. \ TwistLock License Documentation

Health Checks💣

Twistlock provides API endpoints to monitor the health and availability of deployed components at /api/v1/_ping \ Example command: curl -u admin:Password ‘https:<console-ip>:8083/api/ v1/_ping


Last update: 2022-09-14 by Micah Nagel