ThreatLocker Ops

3 min. read. Last update: 11.07.2023

The ThreatLocker Ops module validates your zero trust policies by allowing you to create rules that notify or respond to specified events. ThreatLocker Ops uses telemetry data, your threat levels, and your policies to define and communicate the current level of attack on your system. 

Navigating to ThreatLocker Ops

To navigate to the ThreatLocker Ops module, expand the 'Modules' dropdown menu within the ThreatLocker Portal and select 'ThreatLocker Ops'. 

ThreatLocker Ops Terminology

Policy Conditions: Monitored parameters which may indicate potential compromise or weakness. Example policy conditions include, but are not limited to:

  • Policy Name
  • Cmd Line Parameters
  • Remote Presence
  • Event Log Source ID
  • Encryption Status 

Policy Actions: Actions which are triggered based on meeting designated policy conditions. Example policy actions include, but are not limited to:

  • Health Center Alert
  • Send Email
  • Enable Application Policy
  • Increase Threat Level
  • Isolate Machine 

Threat Levels: Custom numerical levels which contain a specific set of action policies that activate when a specified threat level is reached. More information about Threat Levels will be found later in this course. 

Adding a New Policy

To add a new policy, navigate to the ThreatLocker Ops module and click the '+ New Policy' button. 

This will open the 'Create New Policy' side panel. 

Policy Level & Policy Info

Open the 'Policy Level' dropdown menu to select the desired policy level.

In the 'Policy Info' section, enter the policy name into the dedicated text field. Then, select your desired policy icon from the dropdown menu. Finally, type out a description of your policy.

Policy Conditions

First, decide whether all conditions must be met before the policy action(s) take place, or whether the policy action(s) take place when any one of the conditions is met.

Then, select the condition, operator, and value from the corresponding dropdown menus. Click the green '+' icon to add more conditions. If you do not require any additional conditions, move on to the next section of the panel.

To remove a condition, click the red '-' icon.

Policy Actions

Expand the Action dropdown menu to select the desired response(s). 

Certain actions will prompt additional required fields. Once all fields are completed, click the green '+' icon to add an additional policy action. If you do not require any additional actions, move on to the next section of the panel.

Policy Expiration & Order

Use the provided toggle to choose whether this policy will be active when created.

Choose an optional expiration date.

Choose where the policy will show up in the overall order of ThreatLocker Ops policies. Policies process from top to bottom.

Create Policy & Deploy Policies

Once you have configured the policy as desired, select '+ Create Policy'. The new policy will now appear on your policy list.

Select 'Deploy Policies' to apply your new policy to your environment. 

Need Additional Assistance?

For more information about ThreatLocker Ops or Threat Levels, please see our ThreatLocker Ops course in ThreatLocker University or reach out to the Cyber Heroes who are always available to help.
