Migrating from the ThreatLockDown API 3.X
ThreatLockDown API v4 introduces several new endpoints and also modifies or removes some of the old ones. The biggest change for all existing endpoints is the new response format. Endpoint responses have been changed according to the new RBAC standard and will no longer have items and totalitems fields. Most responses will have the following structure instead:
{
    "data": {
        "affected_items": [],
        "total_affected_items": 0,
        "total_failed_items": 0,
        "failed_items": []
    },
    "message": "",
    "error": 0
}
Migrating users
The ThreatLockDown API users are not migrated when upgrading the ThreatLockDown API from 3.X to 4.X and newer versions. It is not recommended to migrate the users since there are numerous security changes to the ThreatLockDown API. However, it is easy to create new users and assign them the administrator role with the following API requests (substitute <username> and <password>):
Create new user (POST /security/users)
# curl -k -X POST "https://localhost:55000/security/users" -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "{\"username\":\"<username>\",\"password\":\"<password>\"}"
{
    "data": {
        "affected_items": [
            {
                "id": 3,
                "username": "<wazuh>",
                "allow_run_as": false,
                "roles": []
            }
        ],
        "total_affected_items": 1,
        "total_failed_items": 0,
        "failed_items": []
    },
    "message": "User was successfully created",
    "error": 0
}
Assign administrator role (POST /security/users/{user_id}/roles)
# curl -k -X POST "https://localhost:55000/security/users/3/roles?role_ids=1" -H "Authorization: Bearer $TOKEN"
{
    "data": {
        "affected_items": [
            {
                "id": 3,
                "username": "<wazuh>",
                "allow_run_as": false,
                "roles": [
                    1
                ]
            }
        ],
        "total_affected_items": 1,
        "total_failed_items": 0,
        "failed_items": []
    },
    "message": "All roles were linked to user <wazuh>",
    "error": 0
}
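The following Python code is an added example, not part of the original documentation. It shows how a script migrated from 3.X can read the new response format for the two requests above: it takes the new user's id from affected_items, confirms that the role appears in the user's roles, and treats any failed_items as an error. The function names, the username alice and the response bodies are constructed for illustration, and the shape of entries inside failed_items is an assumption.

```python
import json


class ApiResponseError(Exception):
    """Raised when a response in the new format reports any failure."""


def affected_items(raw):
    """Return data.affected_items from a response body, failing closed."""
    body = json.loads(raw)
    data = body.get("data") or {}
    # Look at the failure fields as well as the top-level error value.
    if body.get("error") != 0 or data.get("total_failed_items") or data.get("failed_items"):
        raise ApiResponseError(body.get("message") or "request reported failures")
    items = data.get("affected_items")
    if not isinstance(items, list):
        raise ApiResponseError("response has no affected_items list")
    return items


def new_user_id(create_raw, username):
    """Id of the user created by POST /security/users."""
    matches = [u for u in affected_items(create_raw) if u.get("username") == username]
    if len(matches) != 1:
        raise ApiResponseError("expected exactly one created user")
    return matches[0]["id"]


def role_linked(assign_raw, user_id, role_id):
    """True only if POST /security/users/{user_id}/roles linked role_id."""
    return any(u.get("id") == user_id and role_id in u.get("roles", [])
               for u in affected_items(assign_raw))


def _sample(items, failed, message):
    """Build a constructed response body in the structure shown on this page."""
    return json.dumps({"data": {"affected_items": items, "total_affected_items": len(items),
                                "total_failed_items": len(failed), "failed_items": failed},
                       "message": message, "error": 0})


_USER = {"id": 3, "username": "alice", "allow_run_as": False, "roles": []}
CREATED = _sample([_USER], [], "User was successfully created")
ASSIGNED = _sample([dict(_USER, roles=[1])], [], "All roles were linked to user alice")
# Constructed failure: the entry shape inside failed_items is an assumption.
NOT_LINKED = _sample([], [{"id": [1]}], "constructed failure message")

if __name__ == "__main__":
    uid = new_user_id(CREATED, "alice")
    print(uid, role_linked(ASSIGNED, uid, 1))
```

Checking the roles list in the second response, rather than only the message text, confirms that the administrator role was actually attached to the intended user id.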