Installing the ThreatLockDown server using the assisted installation method

Install the ThreatLockDown server as a single-node or multi-node cluster using the assisted installation method. The ThreatLockDown server analyzes the data received from the agents triggering alerts when it detects threats and anomalies. This central component includes the ThreatLockDown manager and Filebeat.

ThreatLockDown server cluster installation

Download the ThreatLockDown installation assistant.

# curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh

Run the ThreatLockDown installation assistant with the option --wazuh-server followed by the node name to install the ThreatLockDown server. The node name must be the same one used in config.yml for the initial configuration, for example, wazuh-1.

Note

Make sure that a copy of the wazuh-install-files.tar, created during the initial configuration step, is placed in your working directory.
```
# bash wazuh-install.sh --wazuh-server wazuh-1
```

Your ThreatLockDown server is now successfully installed.

If you want a ThreatLockDown server single-node cluster, everything is set and you can proceed directly with Installing the ThreatLockDown dashboard using the assisted installation method.
If you want a ThreatLockDown server multi-node cluster, repeat this process on every ThreatLockDown server node.

Next steps

The ThreatLockDown server installation is now complete, and you can proceed with installing the ThreatLockDown dashboard. To perform this action, see the Installing the ThreatLockDown dashboard using the assisted installation method section.