Company logoHelp Center
Visit www.threatlocker.com

Guide to Using the Reports Page

6 min. readlast update: 07.02.2025

ThreatLocker provides reports to help clients view relevant data in an easy and usable form. 

Note: Due to a change in the way the Unified Audit is queried, reports that relied on Unified Audit data had to be removed. The most requested reports have been replaced using the new search. If you need a report that cannot be generated using the Unified Audit, please reach out to the Cyber Hero Team. 

To access these reports, navigate to the 'Custom Reports’ page using the sidebar. 

Picture

Here, you will see two dropdown menus: Category and Report. By default, the Report menu displays all available reports unless they are first filtered using the Category dropdown.  

Picture 

Category

The category dropdown will show you all reports within the specified category. 

 

Report 

User Permission Required: View Reports or Super Admin

The Report dropdown menu allows you to select the specific report you want to generate. 

For example:

  • Override Code History by ComputerId (Agent 7.6 or above) - Shows you the history of override codes for a machine based on the Computer ID entered and whether it has a ThreatLocker agent version 7.6 or above. 

  • Override Codes – Shows you the current list of override codes on all machines in the organization at the time the report is run. 

  • Override Codes (9.2 or above) - Shows you the current list of override codes on all machines in the organization that have the ThreatLocker agent at 9.2 or above at the time the report is run. 

  • Override Use (Including Child Orgs) - Shows you an audit of what actions were taken while a computer was in override mode. 

Some reports may require additional details, such as Computer ID or Start Date/End Date. The Start Date/End Date fields will automatically populate with a 24-hour window set at 12 AM on the date you access the report to 12 AM the following day. To change the date or time, selecting the field will provide you with a calendar where you can change the date or time using the arrows provided. 

Note: The arrows for the ‘minutes’ section only goes in 5-minute increments. To input a more exact time frame, you can enter the time you want directly into the provided field. 

Picture

If the report requires a Computer ID, you can find it by navigating to the ‘Devices’ page and selecting the name of the computer you want to run the report on. 

Picture

A side panel will show you the ‘Computer Details’ page for your selected machine. The Computer ID is at the top of the page. 

Picture

Once you select a report and input all the required information, select ‘Generate’ to populate the report. 

Picture 

This will populate the report below the input fields. Each column allows sorting via the up/down arrows and searching via the filter button, generating a popup to define granular search parameters to filter that column.  

Picture

Selecting the ‘Columns Visible’ dropdown will allow you to remove columns by selecting the checkboxes to the left of the column names. This will eliminate information you do not need from your report results. 

Picture 

You can also search for items within the report, all applied filters can be cleared, and results can be exported to .xlsx, .pdf, or .csv by selecting the corresponding button on the right-hand side of the page.  

Picture

 

Schedule Reports

User Permission Required: Schedule Reports or Super Admin

Beginning in Portal 2.23, a 'Schedule Reports' in the top left corner of the Custom Reports page where any report listed in the reports list can be scheduled to be sent on a regular cadence. Instead of sending data as a CSV, this feature will bring recipients to the ThreatLocker portal to view the report. You can optionally have a pre-authorized link sent to the recipient which will bring them to a free standing portal window that only gives access to the specified report without requiring the user to log in. From a pre-authorized link, no other areas of the portal will be accessible.

Select 'Schedule Reports' to open the schedule window.

The window will have 2 tabs, Schedule Reports and New Report.

Schedule Reports

This tab displays all currently scheduled reports.

  1. Select the 'Include Child Organizations' to display scheduled reports for all organizations, including child organizations.
  2. Report Name: Displays the name that has been provided for the report.
  3. Organization: Displays the name of the organization this report is being run on.
  4. Status: Displays if the report is enabled or disabled.
  5. Frequency: Displays the frequency with which this report is being run.
  6. Last Report Date: Displays the last date that this report was run.
  7. Actions: This column holds available actions.
  8. Configure Report: The wrench icon will open the existing report schedule for editing.
  9. Delete Report: The garbage can icon will delete the scheduled report.

New Report

The 'New Report' tab is where all existing reports can be scheduled to be run and sent on a cadence of your choosing.

  1. Report Name: Provide a name for your report.
  2. Report Logo: Insert a url to a hosted image file to have this image displayed in the top right corner of the report.
  3. Category: Select the category to show only reports in that category.
  4. Report: Select the report you wish to schedule.
  5. Report Recipients: Input the email address of the user  to add to the recipient list. (You can leave this blank to have this report run at the set cadence and be visible from the Scheduled Reports tab only)
  6. Pre-Auth Link: Select this to send a pre-authorized link to this recipient so they can view ONLY this report without logging into the portal.
  7. Add: Select the add button to add recipents.
  8. Starting Date: Add the date that you want this report to start being scheduled. This will not be the exact time the report is run. Reports are run by an internal application on a set cadence, and once the start date has passed, the next time the internal application runs, this report will be run.
  9. Frequency: Set how often this report should be run and sent. You can choose from Daily, Weekly, Biweekly, Monthly, and Yearly.
  10. Enabled Switch: If desired, you can toggle this off to disable this scheduled report.
  11. Save Report: Select the Save button to save this scheduled report.

Coming Soon: A 'Report Builder' feature that will enable users to take any Unified Audit search parameters and create their own reports which can be scheduled to be run and sent.

 

 

 

Was this article helpful?