RESTful API

The ThreatLockDown API is an open source RESTful API that allows interaction with the ThreatLockDown manager from a web browser, a command-line tool such as cURL, or any script or program able to make web requests. The ThreatLockDown UI relies on the ThreatLockDown API and the ultimate goal of ThreatLockDown is to accommodate complete remote management of its infrastructure via the ThreatLockDown UI. Use the ThreatLockDown API to easily perform everyday actions such as adding an agent, restarting the manager(s) or agent(s), or looking up syscheck details.

Here is a list of the ThreatLockDown API capabilities:

  • Agent management

  • Manager control and overview

  • Cluster control and overview

  • Syscheck control and search

  • MITRE attacks and CISCAT overview

  • Ruleset information

  • Testing and verification of rules and decoders

  • Syscollector information

  • Access restriction and security (RBAC)

  • API management (HTTPS, configuration)

  • Users management

  • Statistical information

  • Error handling

  • Query remote configuration

For more details, check out the Use Cases.