To make the onboarding process easier, ThreatLocker has developed a Deployment Center page. The Deployment Center lays out the steps that are needed to be taken to successfully deploy and secure the ThreatLocker Agent. Progress along these steps will be tracked and displayed to provide a quick look at what has been done so far and what still needs to be completed. Links to help documents and online courses are included for each step in case you would like some extra guidance. Consider each of these 4 steps to be a building block on the way to creating a stronger security posture with ThreatLocker.
There are 4 expandable sections in the Deployment Center, each with a colorful status bar to show progress at a glance. Click the down arrow on each section to expand it.
Deploy Agents Section
The Deploy Agents section will provide guidance for deploying the ThreatLocker Agent to all of your endpoints. At the top of this section, you will find a link to the ThreatLocker University course on deployment.
The first task to complete is entering the total number of endpoints under your management.
The Unique Identifier for your organization is conveniently located right above the Deployment Method dropdown menu. You will need this Unique Identifier if you are deploying via an RMM or script as this value will need to be inserted.
Next, you will need to select your method of deployment. The ThreatLocker Agent can be deployed manually, by script, or using an RMM tool. Choose your method from the dropdown menu.
By default, Manual Deployment will be selected from the Deployment Method dropdown. For a manual deployment, select the Organization you are deploying into, and then choose the installer file or PowerShell script that corresponds with the computer group you will be deploying into. ThreatLocker recommends using the Stub Installer when possible for manual deployments as it will always pull down the latest stable version of ThreatLocker applicable to the group you are installing into.
If deploying using an RMM, select the RMM you will be using from the dropdown. This will provide you with step-by-step instructions specific to that RMM as well as the script you will need to use.
Once you have deployed the ThreatLocker Agent to all of the endpoints you specified that you manage, this status bar will be completely full and green, showing you that you have completed this important first step towards securing your environment.
In this section, a quick view of the number of computers that have been in Learning Mode for over 7 days will be provided. There is also a link to the ThreatLocker University course on Learning Mode so you can quickly access more information. Of course, you can always secure at any time, but 7 days will provide time for the ThreatLocker Agent to learn most of what is currently in the environment and create policies to permit those in the future. After these initial 7 days of learning, it will be important to review the Audit for any programs that are not automatically profiled.
Review the Audit Section
In the Review the Audit section, the number of endpoints in your environment that have received no denied files in the past 3 business days will be provided. Remember, as the ThreatLocker Agent is busy learning your environment and creating policies for you automatically based on this, the number of denied files will decrease substantially each day. You should go to the Unified Audit Page and search for all the denies ensuring there are no applications that require some custom rules to be manually created for future-proofing. There is a direct link to the Unified Audit course in ThreatLocker University located here as well to help you make the most of all the filters on the Audit Page.
In the Secure section, the total number of endpoints you manage and the total number of endpoints that are in Secured mode will be listed. The goal is to have 100% of the endpoints you manage to be locked down, moving the progress bar to green. Again, a link to the corresponding ThreatLocker University course has been provided.