Guide to Using the Reports Page

Updated April 15, 2021

ThreatLocker has incorporated some very useful reports to help our clients consolidate needed information into an easy and useable form. To access these reports, navigate to the Reports page.

Here you will see 2 dropdown menus: Category and Report.

Report

Application Reports

Active Applications - A list of all the active applications in your organization.
Applications Installed/Updated in the Last 30 Days - A list of all the installed or updated applications in the last 30 days.
Applications Installed/Updated in the Last 7 Days - a list of all the installed or updated applications in the last 7 days.
Applications with Path Only Rules - A list of applications that have only path rules. You may want to take a second look at these and see if you can tighten the security on these by adding in another parameter. ThreatLocker recommends against using path only rules.
Applications without Policies - This will populate a list of applications in your organization that are not tied to a policy, meaning they won't be permitted.
Extensions Used in the Last 30 Days - This is a list of all the web extensions used in the last 30 days.
Number of Users per Application - This shows you the number of users using each application, and the number of times that application has been executed.
Top 10 Permitted Applications in the Last 30 Days - This shows you how many times each of the top 10 permitted applications has been permitted in the last 30 days.
Top 10 Permitted Applications in the Last 7 Days - This shows you how many times each of the top 10 permitted applications has been permitted in the last 7 days.
Users per Application in the Last 7 Days - This shows you the specific users that used each application in the past 7 days along with the number of executions.

Approval Reports

Approval Request History (Last 30 Days) - This report will show you the application request, the username, status of the request, date of the request, and if it was approved, you can see who it was approved by.
Approval Requests Actioned in the Last 30 Days - This report will show you only the requests that were processed, their outcomes, and who processed the request.

Audit Reports

Blocked Files in the Last 24 Hours - This will show you the blocked files in the last 24 hours.
Blocked Files in the Last 30 Days - This will show you the blocked files in the last 30 days.
Blocked Files in the Last 7 Days - This will show you the blocked files in the last 7 days.
Processes by Count - This report shows a list of the processes executing in your environment, in order from the highest process count to the lowest.
Top 10 Blocked Files in the Last 30 Days - This generates a report of the top 10 blocked files in the last 30 days.
Top 10 Blocked Files in the Last 7 Days - This generates a report of the top 10 blocked files in the last 7 days.
Top User Blocks in the Last 7 Days - This report gives you a list of users that are receiving the most file blocks and the number of file blocks they have received in the last 7 days.

Computers Reports

All Computers - This gives you a list of all the computers in the organization you are managing. It tells you their OS, hostname, checkin status, last checkin date, last checkin IP address, ThreatLocker Version, last ThreatLocker update, status, and their Tamper Protection status.
All Computers - Including Child Organizations - This gives you a list of all the computers in the entire organization, including child organizations. It tells you their OS, hostname, checkin status, last checkin date, last checkin IP address, ThreatLocker Version, last ThreatLocker update, status, and their Tamper Protection status.
Computer Count by Organization - This gives you a list of all your organizations and each of their total computer counts.
Computers Not Secured (Including Child Organizations) - This gives you a complete list of all computers that are not in a secured status, giving the same information as the Computers report.
Online Devices Not Running ThreatLocker - This gives you a list of devices not running ThreatLocker.
Secured vs Unsecured - This report lists each organization and the number of secured devices and unsecured devices, along with the creation date of the organization.

Policies Reports

Policies Created in the Last 7 Days - This populates a list of policies created in the last 7 days, what level they are permitted at, a description of the policy if available, the policy action, the date created, and the last match date.
Policy List - This generates a list of all your policies, their permit level (from top to bottom), the policy action, date created, and last match date.
Top Matched Policies in the last 7 days - This is a report of the top policies matched in the last 7 days along with the number of times they have been matched.

Storage Control Reports

Files Deleted in the Last 7 Days - This report will list all the files deleted in the last 7 days, the username that deleted it, the date it was deleted, and the hostname it was deleted from.
Processes Accessing a UNC in the Last 7 Days - This report lists the process path of processes accessing a UNC in the last 7 days.
Who Deleted Files in the Last 7 Days - This generates a list of usernames and the number of files they have deleted in the last 7 days.

Storage Devices

USB Serial Numbers - This report will list the serial numbers of all USB devices ThreatLocker has observed in your environment in the last 30 days. This will include both permitted and blocked USBs.

Once you make your selection, click the 'Generate' button to populate your desired report. Below is an example of the 'Active Applications' report. You will see in the top right-hand corner the option to export reports as a PDF or a CSV.

Did this answer your question?

Thanks so much for your feedback!

%s of people found this helpful.

Search our Knowledge Base