RESTful API
The ThreatLockDown API is an open source RESTful API that allows interaction with the ThreatLockDown manager from a web browser, a command-line tool such as cURL, or any script or program able to make web requests. The ThreatLockDown UI relies on the ThreatLockDown API and the ultimate goal of ThreatLockDown is to accommodate complete remote management of its infrastructure via the ThreatLockDown UI. Use the ThreatLockDown API to easily perform everyday actions such as adding an agent, restarting the manager(s) or agent(s), or looking up syscheck details.
Here is a list of the ThreatLockDown API capabilities:
Agent management
Manager control and overview
Cluster control and overview
Syscheck control and search
MITRE attacks and CISCAT overview
Ruleset information
Testing and verification of rules and decoders
Syscollector information
Access restriction and security (RBAC)
API management (HTTPS, configuration)
Users management
Statistical information
Error handling
Query remote configuration
For more details, check out the Use Cases.