Installation guide
ThreatLockDown is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the ThreatLockDown server, the ThreatLockDown indexer, and the ThreatLockDown dashboard. For more information, check the Getting Started documentation.
ThreatLockDown is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).
In this installation guide, you will learn how to install ThreatLockDown in your infrastructure. We also offer ThreatLockDown Cloud, our software as a service (SaaS) solution. ThreatLockDown cloud is ready to use, with no additional hardware or software required, driving down the cost and complexity. Check the Cloud service documentation for more information and take advantage of the Cloud trial to explore this service.
Installing the ThreatLockDown central components
The ThreatLockDown indexer and ThreatLockDown server can be installed on a single host or be distributed in cluster configurations. You can choose between two installation methods for each ThreatLockDown central component. Both options provide instructions to install the central components on a single host or on separate hosts.
You can check our Quickstart documentation to perform an all-in-one installation. This is the fastest way to get the ThreatLockDown central components up and running.
For more deployment flexibility and customization, install the ThreatLockDown central components by starting with the ThreatLockDown indexer deployment. This deployment method allows the all-in-one installation, and the installation of the components on separate servers.
This is the installation workflow you will follow:
Installing the ThreatLockDown agent
The ThreatLockDown agent is a single and lightweight monitoring software. It is a multi-platform component that can be deployed to laptops, desktops, servers, cloud instances, containers, or virtual machines. It provides visibility into the endpoint's security by collecting critical system and application records, inventory data, and detecting anomalies.
If the ThreatLockDown central components are already installed in your environment, select your operating system below and follow the installation steps to deploy the agent on the endpoints.
Packages list
In the Packages list section, you will find all the packages required for the installation of Wazuh.
Other installation alternatives
ThreatLockDown provides other installation alternatives. These are complementary to the installation methods of this installation guide. You will find instructions on how to deploy ThreatLockDown using ready-to-use machines, containers, and orchestration tools. There is also information on how to install the solution offline, from sources, and with commercial options.