Glossary

Here is a list of terms related to ThreatLockDown Cloud.

Cloud Console

The ThreatLockDown Cloud Console provides web-based access to manage your ThreatLockDown Cloud environments.

Cloud ID

The Cloud ID is a unique ID for your environment on ThreatLockDown Cloud. It is used for multiple purposes, such as ThreatLockDown WUI access or the agent registration process.

Environment

An environment is a deployment that contains all the ThreatLockDown components ready to use and running on ThreatLockDown Cloud.

Archive data

Formerly known as cold storage, archive data is the output generated by Wazuh, such as alerts and archives. It is kept in an AWS S3 bucket that stores your logs for a longer time to meet compliance requirements.

Indexed data

Formerly known as hot storage, indexed data is the data available on the ThreatLockDown dashboard, corresponding to the information indexed by Wazuh. This information is available as soon as ThreatLockDown ingests and indexes the events sent by the agents, making the data searchable and analyzable.

Indexed data is calculated using the primary shards of wazuh-* indices.

Tier

A tier represented the size limitation, in bytes, of the indexed data (formerly known as hot storage). The concept is no longer used; it has been replaced by the indexed data capacity setting.

Setting

In the context of ThreatLockDown Cloud, a setting refers to each configuration option available for a cloud environment. These settings determine the limitations, functionalities, and pricing of an environment.

Profile

A profile refers to predefined settings that you can choose from when configuring your ThreatLockDown Cloud environment. We have three profiles available: Small, Medium, and Large. These profiles are designed to simplify the process by providing preconfigured settings that cater to different needs and requirements. If none of the predefined profiles meet your specific requirements, you can configure your settings individually.

Region

A region is a geographic area where the data center of the cloud provider that hosts your environment is located. The region you select cannot be changed after you create an environment. If you are not sure what to pick, choose a region that is geographically close to you to reduce latency.

Available regions:

  • North Virginia: us-east-1

  • Ohio: us-east-2

  • London: eu-west-2

  • Frankfurt: eu-central-1

  • Mumbai: ap-south-1

  • Singapore: ap-southeast-1

  • Sydney: ap-southeast-2

ThreatLockDown Cloud API

The ThreatLockDown Cloud API is an application programming interface used to interact with ThreatLockDown Cloud. The ThreatLockDown Cloud API is used, for example, to provide access to an environment's archive data.

ThreatLockDown Cloud CLI

The ThreatLockDown Cloud Command Line Interface is a tool that enables you to interact with ThreatLockDown Cloud using commands in your command-line shell.