Help CenterThreatLocker provides reports to help clients view relevant data in an easy and usable form. If a report does not currently exist which presents the desired data, please contact the Cyber Hero Team.
Note: Due to a change in the way the Unified Audit is queried, reports that relied on Unified Audit data had to be removed. The most requested reports have been replaced using the new search. If you need a report that cannot be generated using the Unified Audit, please reach out to the Cyber Hero Team.
To access these reports, navigate to the 'Custom Reports’ page using the sidebar.
Here, you will see two dropdown menus: Category and Report. By default, the Report menu displays all available reports unless they are first filtered using the Category dropdown.
Category
The category dropdown will show you all reports within the specified category.
-
All – Shows you all reports.
-
Audit – Shows you reports related to blocked files and process count.
-
Computers – Shows you a list of computer reports to run.
Report
The Report dropdown menu allows you to select the specific report you want to generate.
-
Override Code History by ComputerId (Agent 7.6 or above) - Shows you the history of override codes for a machine based on the Computer ID entered and whether it has a ThreatLocker agent version 7.6 or above.
-
Override Codes – Shows you the current list of override codes on all machines in the organization at the time the report is run.
-
Override Codes (9.2 or above) - Shows you the current list of override codes on all machines in the organization that have the ThreatLocker agent at 9.2 or above at the time the report is run.
-
Override Use (Including Child Orgs) - Shows you an audit of what actions were taken while a computer was in override mode.
Some reports may require additional details, such as Computer ID or Start Date/End Date. The Start Date/End Date fields will automatically populate with a 24-hour window set at 12 AM on the date you access the report to 12 AM the following day. To change the date or time, selecting the field will provide you with a calendar where you can change the date or time using the arrows provided.
Note: The arrows for the ‘minutes’ section only goes in 5-minute increments. To input a more exact time frame, you can enter the time you want directly into the provided field.
If the report requires a Computer ID, you can find it by navigating to the ‘Devices’ page and selecting the name of the computer you want to run the report on.
A side panel will show you the ‘Computer Details’ page for your selected machine. The Computer ID is at the top of the page.
Once you select a report and input all the required information, select ‘Generate’ to populate the report.
This will populate the report below the input fields. Each column allows sorting via the up/down arrows and searching via the filter button, generating a popup to define granular search parameters to filter that column.
Selecting the ‘Columns Visible’ dropdown will allow you to remove columns by selecting the checkboxes to the left of the column names. This will eliminate information you do not need from your report results.
You can also search for items within the report, all applied filters can be cleared, and results can be exported to .xlsx, .pdf, or .csv by selecting the corresponding button on the right-hand side of the page.
