CONTAINER MODELS
What are Container Models?
Models are automatically created and maintained by Twistlock when a new image is encountered in an environment. A model is effectively an "allow list" for what a given image should be doing. For example, a model for an Apache image would detail the specific processes that should run within containers derived from the image and which network sockets should be exposed.
You can find existing Container Models by navigating to the Twistlock console and selecting "Container Models" in the "Runtime" tab, under the "Monitor" heading in the menu on the left.
You can create custom rules which run alongside Container Models by defining Container Runtime Policies. These policies act as additional rules which take an action, such as blocking or alerting, when certain behaviors are detected.
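To make the allow-list idea concrete, here is an added example (not Twistlock's code, and not its real model or policy format; the data shapes, the "alert"/"block" effect names, and the sample image and events are all assumptions constructed for illustration). It learns a model from a baseline of observed events, then evaluates later events against that model and against a custom rule, the way the page describes models and runtime policies working side by side.

```python
"""Illustrative container runtime model and rule evaluation.

Assumed shapes only: Twistlock's actual model and policy formats are not
reproduced here. Events are plain dicts constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass
class ContainerModel:
    """Learned allow list for one image: expected processes and listening ports."""
    image: str
    processes: set = field(default_factory=set)
    listen_ports: set = field(default_factory=set)


@dataclass
class RuntimeRule:
    """Custom rule applied alongside the model (assumed shape, not Twistlock's).

    scope_images: images the rule applies to (stands in for a collection/scope).
    effect: "alert" or "block" (assumed effect names).
    """
    name: str
    scope_images: set
    blocked_processes: set
    effect: str


def learn_model(image, baseline_events):
    """Build a model automatically from events observed during a learning period."""
    model = ContainerModel(image)
    for event in baseline_events:
        if event["type"] == "process":
            model.processes.add(event["name"])
        elif event["type"] == "listen":
            model.listen_ports.add(event["port"])
    return model


def evaluate_event(model, rules, event):
    """Return a list of (effect, reason) findings for one observed event.

    Deviations from the model always alert; a matching custom rule adds its
    own effect, so a rule set to "block" can escalate a model deviation.
    """
    findings = []
    if event["type"] == "process":
        name = event["name"]
        if name not in model.processes:
            findings.append(("alert", f"process {name!r} not in model for {model.image}"))
        for rule in rules:
            if model.image in rule.scope_images and name in rule.blocked_processes:
                findings.append((rule.effect, f"rule {rule.name!r} matched process {name!r}"))
    elif event["type"] == "listen":
        port = event["port"]
        if port not in model.listen_ports:
            findings.append(("alert", f"listen on port {port} not in model for {model.image}"))
    return findings


def most_severe(findings):
    """'block' outranks 'alert'; None when nothing fired."""
    effects = {effect for effect, _ in findings}
    if "block" in effects:
        return "block"
    if "alert" in effects:
        return "alert"
    return None


# Constructed sample data: an Apache-like image, its learning-period baseline,
# one custom rule, and some later runtime events.
BASELINE = [
    {"type": "process", "name": "httpd"},
    {"type": "listen", "port": 80},
    {"type": "listen", "port": 443},
]
APACHE_MODEL = learn_model("httpd:2.4", BASELINE)
RULES = [RuntimeRule("no-shells", {"httpd:2.4"}, {"sh", "bash"}, "block")]
RUNTIME_EVENTS = [
    {"type": "process", "name": "httpd"},   # expected: no findings
    {"type": "listen", "port": 80},         # expected: no findings
    {"type": "process", "name": "bash"},    # model deviation + rule match -> block
    {"type": "listen", "port": 9000},       # model deviation -> alert
]

if __name__ == "__main__":
    for event in RUNTIME_EVENTS:
        findings = evaluate_event(APACHE_MODEL, RULES, event)
        print(event, most_severe(findings), findings)
```

Note how the learned model and the custom rule stay separate: the model only ever produces alerts for unexpected behavior, while the rule's effect decides whether a specific behavior in scope is blocked. That mirrors the page's point that runtime policies run alongside models rather than replacing them.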
Useful Links
You can find more exhaustive documentation here:
- https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_containers
Create a Scope
When creating a new rule, you will usually also want to define the scope of the rule. A scope can be defined by container, host, image, labels, namespaces, and so on.
- Navigate to the Twistlock console.
- Select "Collections and Tags" under "Manage" from the menu on the left.
- Select "Add a collection" above the table on the "Collections" page.
- Fill out the resulting form, defining containers, hosts, etc. to configure your new scope.
Create a Rule
We will use the scope defined above to create a new rule. Rules define what actions should be taken if Twistlock encounters a given behavior.
- Navigate to the Twistlock console.
- Select "Runtime" under "Defend" from the menu on the left.
- Select "+ Add rule" above the table on the "Container runtime policy" page.
- Select the scope you created previously.
- Fill out the resulting form. Take care to select each configuration option you need using the tabs, just below the "Scope" field.
- This step may take some time to get right. Incorrectly configuring a rule may result in errors.