ConnectWise Automate Continuous Deployment
Note: This can either be done on first deployment, or by using an existing deployment script for ThreatLocker on a scheduled basis. If already in possession of an existing deployment script, the section 'ThreatLocker Automate Deployment Script' can be skipped.
Creating the Opt-in EDF:
- Open ConnectWise Automate.
- Navigate to System-> Configuration->Dashboard->Config->Configurations->Additionals Fields.
- We will create a New EDF that Opts in an Organization at the Client Level.
- Field Name: ThreatLocker Opt-In
- Field Type: Checkbox
- Tab: ThreatLocker
- Data Screen: Clients
- ToolTip: Clients that want TL deployed*
- This EDF will be used to Opt-In the companies you want to deploy ThreatLocker to
- Double Click on the client you would like to Deploy to
- Click on the "Info" tab
- Select the ThreatLocker Tab
- Click on the Check Box to Opt the Client into Deployment.
Autojoin Search Creation:
- Navigate to Automation-> Searches-> View Searches.
- Select Add.
- Select the first "And " and select add a group.
- Select the second "And" and select add a condition (we will select opt-in EDF visible under clients).
The second group that we add will allow us to compound the search criteria. We will be creating a "Not And" group that allows us to only show the machines without ThreatLocker.
- Select the first "And" and add another group.
- Select the third "And" that gets created and we will change this to a "Not And".
- Select "Not And" and add a group.
The "And" that gets generated under the"Not And" will change to Services under Collection Matches.
- Select the autogenerated rule and change to Computer.Services.Name Equals "ThreatLockerService" ( Without Quotations and with the same exact camel casing)
Your search should match the image below:
Applying Search and Script schedule to the A Group:
- Select Browse in the Left Nave
- Select Groups.
We recommend creating a new Group dedicated to ThreatLocker Deployments.
- On the Group being leveraged, select the drop-down for computers under auto-join searches.
- Select the TL deployment search that was created.
- Select Limit to Search.
- At the top left, select Computers-> Scheduled Scripts.
- Select the ThreatLocker Deployment Script.
ThreatLocker Automate Deployment Script
If you do not have the script you can download and import the XML via this link.
Note: The 'Value' for the ThreatLockerAuthKey must be changed to the Unique Identifier after importing the XML. Instrutions for this are below
- Open the script and navigate to the "Globals and Parameters" tab.
- Update the ThreatLockerAuthKey global parameter to your unique identifier from ThreatLocker. For more information on locating your unique identifier, please refer to our article, How to Locate Your Unique Identifier.
- Select Save to save the modified script.
After the script
- After selecting the script, apply a schedule that fits your use case.