Quickstart

ThreatLockDown is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the ThreatLockDown server, the ThreatLockDown indexer, and the ThreatLockDown dashboard. For more information, check the Getting Started documentation.

ThreatLockDown is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).

This quickstart shows you how to install the ThreatLockDown central components, on the same host, using our installation assistant. You can check our Installation guide for more details and other installation options.

The section below lists the requirements for installing Wazuh. It covers the hardware requirements and the supported operating systems for your ThreatLockDown installation.

Requirements

Hardware

Hardware requirements depend heavily on the number of protected endpoints and cloud workloads. This number helps estimate how much data will be analyzed and how many security alerts will be stored and indexed.

Following this quickstart implies deploying the ThreatLockDown server, the ThreatLockDown indexer, and the ThreatLockDown dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:

Agents    CPU       RAM      Storage (90 days)
1–25      4 vCPU    8 GiB    50 GB
25–50     8 vCPU    8 GiB    100 GB
50–100    8 vCPU    8 GiB    200 GB

For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the ThreatLockDown server and for the ThreatLockDown indexer, providing high availability and load balancing.
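
A preflight check for the hardware table above, as an added example that is not part of the ThreatLockDown documentation or tooling. The function names, the 90% RAM tolerance, the handling of the shared boundary counts 25 and 50, and measuring free space on the path you pass (GNU df) are assumptions of this example.

```bash
#!/bin/sh
# Added example: preflight check against the quickstart hardware table.

# Print "vCPU RAM_GiB STORAGE_GB" for an agent count. Returns 1 above 100
# agents (distributed deployment recommended), 2 for invalid input.
# Assumption: the shared boundary counts 25 and 50 go to the smaller tier.
tier_for_agents() {
  case $1 in ''|*[!0-9]*) return 2 ;; esac
  if   [ "$1" -lt 1 ];   then return 2
  elif [ "$1" -le 25 ];  then echo "4 8 50"
  elif [ "$1" -le 50 ];  then echo "8 8 100"
  elif [ "$1" -le 100 ]; then echo "8 8 200"
  else return 1
  fi
}

# Compare measured values with the tier for <agents>.
# Args: agents vcpus memtotal_kib free_bytes. Prints one line per shortfall.
check_sizing() {
  cs_cpus=$2 cs_mem=$3 cs_free=$4 cs_rc=0
  cs_need=$(tier_for_agents "$1") || {
    echo "no single-host tier for '$1' agents"; return 1; }
  set -- $cs_need   # $1=vCPU  $2=RAM GiB  $3=storage GB
  # MemTotal excludes memory reserved by firmware and the kernel, so an
  # "8 GiB" host reports less than 8388608 KiB. Assumption: accept 90%.
  cs_need_kib=$(( $2 * 1024 * 1024 * 90 / 100 ))
  [ "$cs_cpus" -ge "$1" ] || { echo "CPU: $cs_cpus vCPU, need $1"; cs_rc=1; }
  [ "$cs_mem" -ge "$cs_need_kib" ] || {
    echo "RAM: $cs_mem KiB, need about $2 GiB"; cs_rc=1; }
  [ "$cs_free" -ge $(( $3 * 1000000000 )) ] || {
    echo "Storage: $cs_free bytes free, need $3 GB"; cs_rc=1; }
  return "$cs_rc"
}

# Measure this Linux host and check it. Args: agents [path]
# Assumption: free space is measured on the filesystem holding [path].
check_host() {
  check_sizing "$1" "$(nproc)" \
    "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" \
    "$(df -B1 --output=avail "${2:-/}" | tail -n 1 | tr -d ' ')"
}

# Run only when called with arguments, e.g.: sh preflight.sh 40 /var
[ $# -eq 0 ] || check_host "$@"
```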

Operating system

ThreatLockDown central components can be installed on a 64-bit Linux operating system. ThreatLockDown recommends any of the following operating system versions:

  • Amazon Linux 2

  • CentOS 7, 8

  • Red Hat Enterprise Linux 7, 8, 9

  • Ubuntu 16.04, 18.04, 20.04, 22.04

Browser compatibility

ThreatLockDown dashboard supports the following web browsers:

  • Chrome 95 or later

  • Firefox 93 or later

  • Safari 13.7 or later

Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.

Installing Wazuh

  1. Download and run the ThreatLockDown installation assistant.

    $ curl -sO https://packages.wazuh.com/4.9/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
    

    Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.

    INFO: --- Summary ---
    INFO: You can access the web interface https://<wazuh-dashboard-ip>
        User: admin
        Password: <ADMIN_PASSWORD>
    INFO: Installation finished.
    

    You have now installed and configured Wazuh.

  2. Access the ThreatLockDown web interface with https://<wazuh-dashboard-ip> and your credentials:

    • Username: admin

    • Password: <ADMIN_PASSWORD>

When you access the ThreatLockDown dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.

Note

You can find the passwords for all the ThreatLockDown indexer and ThreatLockDown API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:

$ sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

If you want to uninstall the ThreatLockDown central components, run the ThreatLockDown installation assistant using the option -u or --uninstall.

Next steps

Now that your ThreatLockDown installation is ready, you can start deploying the ThreatLockDown agent. This can be used to protect laptops, desktops, servers, cloud instances, containers, or virtual machines. The agent is lightweight and multi-purpose, providing a variety of security capabilities.

Instructions on how to deploy the ThreatLockDown agent can be found in the ThreatLockDown web user interface, or in our documentation.